setenforce 0 is much cleaner, I have found.
- 0 Posts
- 4 Comments
Joined 2 years ago
Cake day: August 15th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Its just complex
When a security mechanism becomes more complex to manage than what it is supposed to protect, it becomes a vulnerability itself.
If you had a minimal system that you built from the ground up yourself and wanted to only have that system function in very specific ways, SELinux would be perfect. I would go so far as to say it would be nearing perfection in some ways.
Sorry, but in the real world, ain’t nobody got time for that shit. If you use auto configuration tools or pre-canned configs for SELinux on a system you are unfamiliar with, it’s more likely to cause application issues, create security gaps and will likely be shut off by a Jr. admin who really has no fucking clue what he is doing anyway.
It’s just easier to keep your system patched and ensure basic network security practices anyway.
It’s not impossible to manage these days. In the early days it was, but most everything is automagic now. If I am not mistaken, SELinux can be enabled to ‘log only’ which would give you data better handled by a HIPS anyway. (Don’t quote me on that.)
they realized that if layers of goldbeater’s skin were laid on top of each other when wet, they fuse together as they dry.
https://www.warhistoryonline.com/war-articles/zeppelins-made-out-of-cow-intestines.html
If the skin was moistened again and pieces were patch-worked together into large sheets, they’d dry with airtight seals. No other material — including rubber — could be this tightly sealed.
I couldn’t find anything on a specific pattern of the “fabric”, but what I did find was the natural glues(?) worked fine for it being airtight.
Oh, I am not doubting that there were specific patterns of this stuff, but I can’t find any references. (I have an interest in wartime engineering, s’all)
Sorry if it sounded like my rant was directed at you as it absolutely wasn’t. Your comment triggered me, because I absolutely fully agreed with yours as well. ;)