When you try a different hoster, install CentOS and the first thing you notice is that SELinux is not enabled… 🤦‍♂️ 🤦‍♂️ 🤦‍♂️ 🤦‍♂️ 🤦‍♂️ 🤦‍♂️

stopdisablingselinux.com/

@rain It was originally written by the NSA, yes. Then published, open sourced and reworked by RedHat, as well as audited by RedHat and the Kernel community just to finally make it in various other distributions including versions of Gentoo, Debian and Arch…

Just because something was developed by the NSA doesn't mean it's automatically bad. Yes, it makes sense to double-check, maybe triple-check, but SELinux is definitely not the secret NSA backdoor.

@sheogorath why'd SELinux be enabled tho if you never explicitly enabled it...?

@Wolf480pl Because that's what the default setup does when you don't explicitly turn it off?

(And yes, I just installed a VM to verify my statement)

@sheogorath
Why is it not the default setup tho?
I wouldn't want SELinux (or, for that matter, any non-essential thing) enabled by default on a freshly installed system.

@sheogorath you act like selinux is a fundamental security component. it isn't. selinux policies are complex to write

i guess if you mean your distro has a default selinux policy, that would make a bit more sense, but i still believe it isn't a necessity to have selinux enabled everywhere. by enabling selinux you also have to consider the additional code complexity and moving parts; there are more things that can go wrong (and have gone wrong in the past; selinux has introduced security holes before)
Sheogorath's Microblog

This instance is the microblog to my blog. You'll probably find more recent content here while finding more elaborated content on the blog.