On 11/30/2010 9:51 AM, Lamar Owen wrote:
If a particular app is so recalcitrant that SELinux needs to be turned off, that's when I'd be doing some drastic things, much like windows lab environments need done. Things like automatic revert to known-good snapshot on the production boxes for all but the data files. Things like isolation in a VM for those apps. Of course, that's also work, and getting SELinux working properly might be less work. Everyone wants less work per project to get more projects done, of course, but cutting corners is still cutting corners and one day it will come back to haunt the corner-cutter.
Now it is your turn to quantify: How much would you charge to teach someone to be able to make those changes and how long would it take? This has to include the ability to quickly diagnose and fix any problem that might be caused by updates to the application or to the OS distribution.
To teach, $50 per hour (if I were available to teach; at the moment I'm full on my work hours). The number of hours would depend upon the complexity of the application; for Scalix, assuming no familiarity with either Scalix or SELinux, eight to sixteen hours (one-two days).
I'm not talking about a particular app. The thing I want quantified is what it will cost to train some number of people to be able to troubleshoot any problem that SELinux might cause with any app, given potential changes in updates to both the distribution provided stuff and the 3rd party coding at any time.