Lamar Owen wrote: > On Tuesday, November 30, 2010 01:55:11 pm m.roth at 5-cent.us wrote: <snip> >> However, there are a ton of apps out there, and >> almost no developers who have been earning their living as programmers, >> who have any knowledge of selinux. Case in point: something here, >> developed in-house over the last 10-12 years, lots of cgi. Another case: >> Computer Associates' SiteMinder, big bucks commercial product. > > CA should know better, and if they are targeting RHEL commercially they > should be supporting the default RHEL configuration. Right. So, hey, do you have the rights to call CA and lean on them? Please? I can barely get the network folks, who actually can contact them, to understand selinux (I think of them as operators, not sysadmins). And I notice that you don't address the other point, all the in-house apps, and if you think management will say "sure, spend whatever it takes to rewrite that so it conforms to selinux...", you're living in somewhere I don't. And just about everywhere I've worked, both as a developer and as a sysadmin had a *lot* of in-house apps. mark