[BlueOnyx:04371] Re: SELinux
Michael Stauber
mstauber at blueonyx.it
Fri Apr 30 10:34:26 -05 2010
Hi Ron,

> Can anyone explain why SELinux is turned off by default with the default
> distro?

Sure: It would be possible to tweak the SELinux settings on a BlueOnyx box to
the extent that you could run with SELinux enabled. However, this would
require quite a bit of tweaking considering all the services we're running by
default.

However, this would be a lot of work that would need to be done on a more or less
productive server on a "trial and error" basis for quite some time until you
have a ruleset that doesn't jump into your face whenever a user tries
something legit that he hadn't done before.

Eventually we would have SELinux settings that would work "out of the box" for
all the default services that BlueOnyx provides.

However: Most BlueOnyx boxes get modified over time. New software is added,
PKGs are installed, or system settings and configurations are modified by the
server admins.

If we had "stock" SELinux settings that worked on a vanilla BlueOnyx, then
we can almost guarantee that many BlueOnyx users would sooner or later run
into problems whenever they "play" with their server to install custom stuff.
The mailing list would be full of complaints and help requests, all centered
around SELinux, until the general consensus would be: "Simply turn it off".

Lastly: BlueOnyx is an evolution of BlueQuartz, where SELinux was disabled for
the same reasons, so we sort of inherited that and left SELinux disabled.

--
With best regards

Michael Stauber