Date: Mon, 9 Jan 2017 16:04:36 -0800
On Sat, Jan 07, 2017 at 08:18:38PM -0800, jdow wrote:
>
> Blanket disabling both of [selinux and iptables] at once, permanently is stupid beyond
> belief ...
>
And then there is the reality:
In el6 (and earlier), selinux was not functional and iptables were not enabled by default.
So I see el7 is a big improvement:
a) iptables/firewalld is enabled by default and is easy to manage. No reason to turn it off ever.
b) selinux is mostly functional except for obscure bugs.
So we go from 0-out-of-2 to 2-out-of-2, unless you have been burned and scarred
(but not fired) by the NFS server bug, then it is 1-out-of-2.
--
Konstantin Olchanski
Data Acquisition Systems: The Bytes Must Flow!
Email: olchansk-at-triumf-dot-ca
Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada