Linked by Thom Holwerda on Fri 29th Feb 2008 12:08 UTC, submitted by Rahul
Fedora Core "Paul Frields is new to Red Hat, but he's not new to the Fedora Linux community. Frields became the Fedora project leader and a Red Hat employee at the beginning of February. Previously Frields was a US government employee and a contributor to the Fedora community for more than four years. Frields takes over at a pivotal time for Fedora as it gears up for its next major release, Fedora 9. A feature freeze is currently set for March 4, and Frields is already ready to chat about where Fedora is heading."
Thread beginning with comment 303084
RE[2]: Comment by simo
by gilboa on Sat 1st Mar 2008 23:17 UTC in reply to "RE: Comment by simo"
gilboa Member since: 2005-07-06

> And face the scorn of a community which will condemn your action as being inexcusable, and assert that you are just stupid and lazy, while advising that you should spend your days fighting the fires with setroubleshoot rather than getting real work done.

> For servers facing the Internet, SELinux can be a useful tool. But for most machines the best use of time is, indeed, to turn it off as you suggest.


A. Scorn of the community? Which community? Where? Care to elaborate? (As opposed to spewing random allegations?)

B. Fedora is, among other things, about security-out-of-the-box and SELinux is a big part of that. SELinux is -vastly- more important to desktop users than what most people seem to believe. Vulnerabilities will be found and exploited by virus/worm/root-kit writers - there's nothing to be done about it; but when such vulnerability is found, the only thing standing between the exploit and your precious data/root account/etc is SELinux - nothing else.

C. Fedora is a -community- project. Assuming that all the bugs (SELinux or others) will somehow be magically fixed if you (as a member of community) don't take the time to report them is absurd (and I'm being -very- polite).

D. If you're still not convinced and you do not feel inclined to do anything to improve the situation (by, say, helping to improve SELinux) - I'd suggest you stay clear of Fedora. Really, nobody is forcing you.

For the record, I've got a (large) number of Fedora/CentOS/RHEL machines (I'm a software developer) - all of them with SELinux enabled in enforcing mode. While I have encountered a number of SELinux-related bugs/policy-issues, most of them were fixed within days (if not hours) of the bug report.
Granted, YMMV, but by the tone of your post (and I may be incorrect in reading it) I'd venture and guess that you never really tried to help -the developers- help you.

P.S. I'd suggest you read Red Hat's 3 years with RHEL 4 report. [1]

- Gilboa
[1] http://www.redhatmagazine.com/2008/02/26/risk-report-three-years-of...

Score: 1

RE[3]: Comment by simo
by sbergman27 on Sat 1st Mar 2008 23:48 in reply to "RE[2]: Comment by simo"
sbergman27 Member since: 2005-07-24

> Scorn of the community? Which community? Where? Care to elaborate? (As opposed to spewing random allegations?)


See? An SELinux fan has just gone into attack mode as a result of my suggestion to turn it off. Didn't take long, either. Are you seriously going to argue that when the topic of disabling SELinux comes up, people (like you, apparently) come out of the woodwork to scream that doing so is wrong? Simply peruse most any thread in which turning off SELinux is suggested.

> But when such vulnerability is found, the only thing standing between the exploit and your precious data/root account/etc is SELinux - nothing else.


Untrue. nx, exec-shield, and other less intrusive measures have been around for a long time. SELinux is just one of many measures. And it happens to be more intrusive, problematic, and (overly) complex than the others, including AppArmor. (Not that I'm necessarily advocating AppArmor, either.)

> (and I'm being -very- polite).


Really? I suggest that turning off SELinux is often appropriate, and you accuse me of being too lazy to help out with the community project. I'd hardly call that being polite. But thanks for making my original point for me... by showing your *scorn*.

> I'd suggest you stay clear of Fedora. Really, nobody is forcing you.


More scorn.

Oh, I like Fedora, alright. And RHL before that, back to about 4.1. But I simply do the reasonable thing, and turn off SELinux where appropriate, and go on. It's just too bad that people get so bent out of shape over the idea of *other people* doing so.

Score: 4

RE[4]: Comment by simo
by sbergman27 on Sun 2nd Mar 2008 01:57 in reply to "RE[3]: Comment by simo"
sbergman27 Member since: 2005-07-24

Hmmm. It occurs to me that my post, above, probably comes across as more confrontational than I had actually intended.

Score: 3

RE[4]: Comment by simo
by Finalzone on Sun 2nd Mar 2008 02:15 in reply to "RE[3]: Comment by simo"
Finalzone Member since: 2005-07-06

> See? An SELinux fan has just gone into attack mode as a result of my suggestion to turn it off. Didn't take long, either. Are you seriously going to argue that when the topic of disabling SELinux comes up, people (like you, apparently) come out of the woodwork to scream that doing so is wrong? Simply peruse most any thread in which turning off SELinux is suggested.

Starting from Fedora 6, disabling SELinux is no longer an excuse because tools to diagnose problems and report them are available; that method is the last resort.

Score: 0

RE[4]: Comment by simo
by gilboa on Sun 2nd Mar 2008 07:33 in reply to "RE[3]: Comment by simo"
gilboa Member since: 2005-07-06

I wonder why you conveniently forgot to quote your original text.
Let me assist you:

(sbergman27) And face the scorn of a community which will condemn your action as being inexcusable, and assert that you are just stupid and lazy, while advising that you should spend your days fighting the fires with setroubleshoot rather than getting real work done.


(gilboa) A. Scorn of the community? Which community? Where? Care to elaborate? (As opposed to spewing random allegations?)


(sbergman27) See? An SELinux fan has just gone into attack mode as a result of my suggestion to turn it off. Didn't take long...


As I'm not in the habit of feeding trolls, forgive me if I ignore the rest of your comment.

- Gilboa

Edited 2008-03-02 07:35 UTC

Score: 1