Announcement

**hoohoo** · 16 December 2015, 01:39 PM

Originally posted by Ericg View Post

And it's been vetted, examined, audited, twisted and turned in every way imaginable for over a decade.

I expect NSA has something sneaky in the way of non-obvious side effects that result from compiling in it's code.

**bug77** · 16 December 2015, 02:06 PM

Originally posted by hoohoo View Post

I expect NSA has something sneaky in the way of non-obvious side effects that result from compiling in it's code.

You also expect NSA has some interest in your computer...

**Michael_S** · 16 December 2015, 02:21 PM

I ran into some problems with SELinux on Fedora 23. I had installed Fedora on an SSD and then added a spinning platter drive. For some of the home directories, I moved the files to the spinning platter drive and symlinked to them. I had the same permissions on the target files, but SELinux didn't like that and blocked XFCE from writing to /media/sdb1/userx/.cache I monkeyed with the audit and policy tools for an hour before I gave up and moved the .cache file back to /home/userx/.cache

**hoohoo** · 16 December 2015, 03:13 PM

Originally posted by bug77 View Post

You also expect NSA has some interest in your computer...

NSA has demonstrated an interest in everyone's computer.

**eydee** · 16 December 2015, 03:47 PM

I never had performance issues with SeLinux back when I used Fedora. I did have compatibility issues, much like you have with Windows with UAC on. Programs that don't expect it try to do some "illegal" stuff and can't handle failing. Steam was the most notorious example, I always had to turn SeLinux off because of various Steam problems. This was also back in the early Steam for linux days, so it may not be like that these days.

**eduperez** · 16 December 2015, 05:17 PM

Originally posted by macemoneta View Post

I ran with SELinux enabled for about 8 years on multiple systems. I investigated every audit, wrote policies for local implementations as needed. In that time I realized that not one single event had been triggered by an actual problem. From that I concluded that our security policies were sufficiently effective, and disabled SELinux on all systems (except Android). The performance impact wasn't in the computing systems, it was in the human cost of administration.

You took the words right out of my mouth!

**Ericg** · 16 December 2015, 05:24 PM

Originally posted by eydee View Post

I never had performance issues with SeLinux back when I used Fedora. I did have compatibility issues, much like you have with Windows with UAC on. Programs that don't expect it try to do some "illegal" stuff and can't handle failing. Steam was the most notorious example, I always had to turn SeLinux off because of various Steam problems. This was also back in the early Steam for linux days, so it may not be like that these days.

Currently use Steam on Fedora, no problems to report.

**anarki2** · 16 December 2015, 05:52 PM

Originally posted by hoohoo View Post

Selinux was written by the NSA. I do not trust it.

But, but... manyeyeballs!

**cjcox** · 16 December 2015, 06:17 PM

Originally posted by hoohoo View Post

Selinux was written by the NSA. I do not trust it.

Selinux was written by the NSA. Therefore it is not well understood.

**Creak** · 16 December 2015, 06:53 PM

Originally posted by Ericg View Post

Currently use Steam on Fedora, no problems to report.

Every time I install Fedora Workstation + the proprietary stuff that makes my machine enjoyable (flash, Steam, codecs, ...), I end up disabling SELinux.
I've seen the video about "SELinux for mere mortals", but I still think SELinux should be disabled for the Workstation spin. It's just incompatible with casual desktop everyday use, it simply does not work out-of-the-box and pretty much need to have sysadmins skills to fix the ever happening problems.

Announcement

Does SELinux Have Much Of A Performance Impact On Fedora 23?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment