[CentOS] SELinux - way of the future or good idea but !!!

Sun Nov 28 13:47:58 UTC 2010
Marko Vojinovic <vvmarko at gmail.com>

On Sunday 28 November 2010 13:15:24 Bob McConnell wrote:
> Marko Vojinovic wrote:
> > On Sunday 28 November 2010 03:45:54 Nico Kadel-Garcia wrote:
> >> You forgot "take on becoming the SELinux integration  manager for that
> >> project with every single update".
> > 
> > Every single update? Update of what?
> You have completely missed his point. Every update of the application
> *his company* is writing to run on those CentOS servers. This has
> nothing to do with RedHat, CentOS, or any other FLOSS package. It is a
> management problem within his employer's organization. If the managers
> don't care to require the application be SE compliant, he will never be
> able to get the developers to deal with those issues. So for him it is
> already a lost battle.

Well, in that case he is dealing with a broken/badly coded app, and 
irresponsible managers and developers. It's a problem, yes, but this isn't a 
fault of SELinux, and advocating that SELinux is bad because some manager 
doesn't know about security is completely wrong IMHO. And supporting advice 
given to people on this list to turn off SELinux because some devs in some 
company don't do their job right is also completely wrong.

If Nico had to deal with lousy-coded software conflicting with SELinux, it 
doesn't mean that shutting down SELinux is a good idea for everyone (or 
anyone) else.

Best, :-)