[CentOS] SELinux - way of the future or good idea but !!!
christopher.chan at bradbury.edu.hk
Mon Nov 29 23:19:13 EST 2010
----- Original Message -----
From: <cpolish at surewest.net>
> Christopher Chan wrote:
>> Les Mikesell wrote:
>> >> All of the third-party software I run seems to run just fine, as long
>> >> as the right contexts are applied.
>> > Well, obviously it will work after someone takes the time to make it
>> > work. Now it is your turn to quantify: How much would you charge to
>> > teach someone to be able to make those changes and how long would it
>> > take? This has to include the ability to quickly diagnose and fix any
>> > problem that might be caused by updates to the application or to the OS
>> > distribution.
>> As was already mentioned in another post, run in permissive mode, for a
>> few days if you must, and go through all the things the software does
>> and voila! setroubleshoot and/or logs tell you what needs doing.
> Very optimistic, that. In my shop, some things run annually.
> A comprehensive system test = production, for a year. Just
> this morning a 1099 (annual tax-form) script failed in test.
For some reason, I suspect that these annual stuff would be largely run by
hand. Of course, it would be nice if you don't have to get a call for these
annual stuff but I do not see that as absolutely so disabling that SELinux
has to be disabled.
More information about the CentOS