[CentOS] SELinux - way of the future or good idea but !!!

m.roth at 5-cent.us m.roth at 5-cent.us
Tue Nov 30 13:55:11 EST 2010


Lamar Owen wrote:
> On Tuesday, November 30, 2010 12:18:26 pm Les Mikesell wrote:
>  > But [what it will cost to train some number of people to be able to
>> troubleshoot any problem that SELinux might cause with any app, given
>> potential changes in updates to both the distribution provided stuff and
>> the 3rd party coding at any time] is the thing someone needs to be able
>> to estimate before considering enabling SELinux on an existing farm of
>> machines running complex, pre-existing applications where the team of
>> operators has to be able to fix any potential problem quickly.
<snip>
> And is it the app causing problems with SELinux or is it SELinux causing
> problems with the app?  Or is it the lack of integrator understanding in
> marrying the two?  Or are the tools to configure the functionality to
> blame?
<snip>
Reality check time: selinux is a *tiny* portion of the entire Linux
market, though growing. However, there are a ton of apps out there, and
almost no developers who have been earning their living as programmers,
who have any knowledge of selinux. Case in point: something here,
developed in-house over the last 10-12 years, lots of cgi. Another case:
Computer Associates' SiteMinder, big bucks commercial product.

Anyone know of a list of selinux-compatible software? And how much will
the commercial software cost to upgrade it to play well with selinux? Do
you have an idea of how much multiuser commercial licenses are?

         mark



More information about the CentOS mailing list