[CentOS] SELinux - way of the future or good idea but !!!

Tue Nov 30 16:21:46 UTC 2010
Les Mikesell <lesmikesell at gmail.com>

On 11/30/2010 9:51 AM, Lamar Owen wrote:
> If a particular app is so recalcitrant that SELinux needs to be turned off, that's when I'd be doing some drastic things, much like Windows lab environments need done.  Things like automatic revert to known-good snapshot on the production boxes for all but the data files.  Things like isolation in a VM for those apps.  Of course, that's also work, and getting SELinux working properly might be less work.  Everyone wants less work per project to get more projects done, of course, but cutting corners is still cutting corners and one day it will come back to haunt the corner-cutter.
>> Now it is your turn to quantify:  How much would you charge to
>> teach someone to be able to make those changes and how long would it
>> take?  This has to include the ability to quickly diagnose and fix any
>> problem that might be caused by updates to the application or to the OS
>> distribution.
> To teach, $50 per hour (if I were available to teach; at the moment I'm full on my work hours).  The number of hours would depend upon the complexity of the application; for Scalix, assuming no familiarity with either Scalix or SELinux, eight to sixteen hours (one-two days).

I'm not talking about a particular app.  The thing I want quantified is 
what it will cost to train some number of people to be able to 
troubleshoot any problem that SELinux might cause with any app, given 
potential changes in updates to both the distribution provided stuff and 
the 3rd party coding at any time.

   Les Mikesell
    lesmikesell at gmail.com