Originally posted by Espionage724
View Post
Announcement
Collapse
No announcement yet.
SELinux Continues Path Of Deprecating Run-Time Disabling
Collapse
X
-
Originally posted by kloczek View PostYet another reason to abandon SELinux and switch to apparmour.
That said, with rootless "containers" and namespaces, the usage of SELinux has changed. We can now shove a service in a container or locked namespace (e.g Systemd) and only use SELinux to ensure the service can't break out of that container (with rootless containers I think rare?)
- Likes 7
Comment
-
Originally posted by RahulSundaram View Post
That doesn't disable SELinux, only sets it to permissive and isn't affected by this change.
- Likes 1
Comment
-
If SELinux was designed properly people wouldn't need to disable it at run time. But it's just over-complicated, making it easier to just disable it when testing stuff than wasting time trying to figure out how permissions can be given in SELinux.
SELinux is one of the reasons I stay away from Fedora.
- Likes 2
Comment
-
Originally posted by uid313 View PostWhat is the performance penalty of SELinux and does any Linux distribution ship with SELinux enabled by default?
- Likes 1
Comment
-
Originally posted by sarmad View PostIf SELinux was designed properly people wouldn't need to disable it at run time. But it's just over-complicated, making it easier to just disable it when testing stuff than wasting time trying to figure out how permissions can be given in SELinux.
SELinux is one of the reasons I stay away from Fedora.
sure, 10 or 15 years ago it was hardly usable, but nowadays for most of the time one can forget that one uses it.
Comment
-
Originally posted by sarmad View PostIf SELinux was designed properly people wouldn't need to disable it at run time. But it's just over-complicated, making it easier to just disable it when testing stuff than wasting time trying to figure out how permissions can be given in SELinux.
SELinux is one of the reasons I stay away from Fedora.
Fedora is a workstation OS -- it's called Fedora Workstation, after all -- so it does intend to out-of-the-box have a solid server-like environment. If you don't care about industry-grade security you might possibly be served better by other distros. Or, if you want Fedora but without heightened security, it's not hard to disable SELinux entirely.
- Likes 4
Comment
Comment