precurse | 7 years ago

Is it though? In most installation guides I've dealt with, they recommend disabling it since it can cause random issues, i.e. the Percona XtraDB install guide.

I find that it's way too complicated of a layer that most people can't/won't learn. Compare this to the OpenBSD pledge and unveil, which don't get in the way, and there's no way to disable them.

If you make something overly complicated, with the ability to disable it all too easily, then it won't get used.

bubblethink | 7 years ago

>In most installation guides I've dealt with they recommend disabling it

That is generally bad advice then. SELinux is used by Android and Fedora (and hence RHEL & CentOS). SELinux can break things, but it is quite stable these days, at least for the distro-supported packages. The downside is that anything outside the distro packages will likely have no support or will run unconfined. OpenBSD unveil is still new and will face similar challenges in that it will cover the base system well, but for ports, it will be up to the port maintainer to implement it.