2013-04-16

SELinux

Major Hayden of Racker Hacker wants us to use SELinux. So he's created a site to shame us into using it.

My reply:

Seriously? Your simple solution to educating people is a 52-minute video? I don't have time to watch a video to figure out SELinux.
Why do I disable SELinux? Because so many of the things I install include that instruction for setting things up. If the developers of these things won't take the time to learn how to make them work in an SELinux environment, why should end users be expected to do this development work -- individually, meaning a lot of duplicated and inconsistent effort?
It is like expecting end users to put in SQL input sanitizer routines in their web apps. You are targeting the wrong community. 
Yes, a system with SELinux is, all other things being equal, more secure than one without it. But a system with one-time passwords is more secure than a system without. Security is not just a question of "more is better". System administration is a case of balance, of trade-off between utility, usability, and manageability.

If you can run in an SELinux-enforcing world, I have huge respect for you, because in the past I have tried and failed.
But until I can install the tools I need/want and have the developers support me with SELinux enabled, I have more important things to do.