Re: Adding support for SE-Linux security
| От | Mark Mielke |
|---|---|
| Тема | Re: Adding support for SE-Linux security |
| Дата | |
| Msg-id | 4B217508.6080205@mark.mielke.cc обсуждение исходный текст |
| Ответ на | Re: Adding support for SE-Linux security (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
My two cents - if it's desired - I invariably disable selinux from all of my production machines. Once upon a time I tried to work with it time and time again - but it was such a head ache to administer for what I considered to be marginal gains, that I eventually gave up. Every time I add a server, it needs to be setup. Or it runs in tolerant mode at which point I'm not sure what value I am really getting at all. Too many times people have come to me with weird problems of servers not starting, or not working properly, and I have now started with the question "do you have selinux running?" "try turning it off..." I'm sure some people somewhere love selinux - but I suspect most people find the most relief once they turn it off. I vote for PostgreSQL committers spending their time on things that bring value to the most number of people. Cheers, mark -- Mark Mielke<mark@mielke.cc>
В списке pgsql-hackers по дате отправления: