| From: | Mark Mielke <mark(at)mark(dot)mielke(dot)cc> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, Chad Sellers <csellers(at)tresys(dot)com>, "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>, Josh Berkus <josh(at)agliodbs(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Adding support for SE-Linux security |
| Date: | 2009-12-10 22:24:08 |
| Message-ID: | 4B217508.6080205@mark.mielke.cc |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
My two cents - if it's desired -
I invariably disable selinux from all of my production machines. Once
upon a time I tried to work with it time and time again - but it was
such a head ache to administer for what I considered to be marginal
gains, that I eventually gave up. Every time I add a server, it needs to
be setup. Or it runs in tolerant mode at which point I'm not sure what
value I am really getting at all.
Too many times people have come to me with weird problems of servers not
starting, or not working properly, and I have now started with the
question "do you have selinux running?" "try turning it off..."
I'm sure some people somewhere love selinux - but I suspect most people
find the most relief once they turn it off.
I vote for PostgreSQL committers spending their time on things that
bring value to the most number of people.
Cheers,
mark
--
Mark Mielke<mark(at)mielke(dot)cc>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2009-12-10 22:25:10 | Re: Adding support for SE-Linux security |
| Previous Message | Andrew Dunstan | 2009-12-10 22:20:06 | Re: unprivileged user |