Les Mikesell wrote:
On Mon, Apr 2, 2012 at 5:28 AM, Johnny Hughes johnny@centos.org wrote:
Just wondering if there is any statiscs report of selinxu usages in production environment? I know some still turn it off.
If you have machines purposely serving things to the masses on the Internet, you should take the time to make SELinux work properly on those machines.
Another statistic I'd like to see is how much admin time this costs on the average to learn and implement. Has anyone really measured this? Are there training courses specifically to cover it? You might get an idea from the length and cost of the training if it covers all the quirks. These days most of the built-in stuff is pre-configured for someone's idea of working (apache not being able to send mail doesn't match my definition, though...), but any third-party or local additions to a targeted service will take time to set up.
Or, a local pet peeve, I'd like to see some game plan as to how selinux will support third-party apps that are not built with any awareness of selinux. For me, that's CA's siteminder.
mark