From: Chris Brennan
Date: Mon, 20 Dec 2010 15:42:34 -0500
To: David Brodbeck
Cc: freebsd-questions@freebsd.org, krad
Subject: Re: SEBSD is dead?

On Mon, Dec 20, 2010 at 3:11 PM, David Brodbeck wrote:

> I've seen various HOWTOs about how to craft new rules to permit things
> like this, but many of them seemed to be out of date or referred to
> tools that don't ship with RedHat. Documentation is thin and the rule
> syntax is so cryptic it makes sendmail.cf look like LOGO. It was
> obviously intended to be a "no user serviceable parts inside" sort of
> system, but that only works if your setup is completely standard.
>

To be perfectly honest ...
SELinux has frightened me from day one. For two reasons. 1) The government had their fingers in it (I just can't fathom them contributing positively and constructively to the F/OSS community). 2) Because it was so poorly documented that I couldn't figure it out. All it did was serve to piss me off and I sought other, tried-and-true methods for securing my systems. Beyond this, I've never seen a real and valid use for SELinux ...