[CentOS] [OT][Practices] The Case for RBAC/MAC

Sun Nov 20 00:29:03 UTC 2005
Bryan J. Smith <thebs413 at earthlink.net>

On Sat, 2005-11-19 at 18:17 -0500, Marko A. Jennings wrote:
> At least in my case, Dag is right.  I've been keeping my mouth shut hoping
> (against hope) that these guys would finally give the 990 of us a break. 
> Unfortunately, history teaches us that they don't have enough sense to do
> so.

I'm just tired of seeing RBAC/MAC principles, as well as the SELinux
approach, being misrepresented here.  I _never_ had a problem with
anyone disabling it (that was _other_ people), but I do _not_ like the
continued "inaccuracy of assumptions" being thrown around here.

If you don't want to use SELinux, don't.  But do _not_:

A)  Try to make all sorts of analysis based on either user services or
kernel services that grant privilege -- SELinux does not, just like
NetFilter doesn't either, they only remove privileges

B)  Continually say it does nothing for what you do, because there
are others who are using it, and they do take advantage of what it
offers.

C)  Call an "enterprise distro" released for SMBs as well as enterprises
as 'broken' merely because it offers compatibility issues with more
"general" usage

D)  Recognize that other UNIX flavors _have_ implemented RBAC/MAC, and
if companies like Red Hat do not force the issue, many SMBs and
enterprises _will_ consider moving back to other UNIX flavors (like
Solaris)

E)  Our newest entry:  Comparisons to the NT RBAC/MAC model (which is
actually not bad -- but it was _never_ followed by Microsoft's own
applications division)

Honestly, at this point with things like "E", I think people really need
to _stop_ "reaching" for "excuses" that *I* never called for.  If you
feel you need to answer _other_ people because they said something about
how you aren't a good admin, etc..., etc..., etc... get over it.

Until then, I think it's a sad world when people want to continually
defend a position from -- and I'm sorry -- ignorance of what SELinux
is.  Just forget it exists and I'll be happy.  Until then, the
continuous "musical positions/assumptions" are growing old.

This will be my last post in this OT/Practices thread on the matter.


-- 
Bryan J. Smith   b.j.smith at ieee.org   http://thebs413.blogspot.com
-------------------------------------------------------------------
For everything else *COUGH*commercials*COUGH* there's "ManningCard"