[CentOS] selinux on/off percentage

Mon Apr 2 13:24:39 UTC 2012
m.roth at 5-cent.us <m.roth at 5-cent.us>

Les Mikesell wrote:
> On Mon, Apr 2, 2012 at 5:28 AM, Johnny Hughes <johnny at centos.org> wrote:
>>>     Just wondering if there is any statiscs report of selinxu usages in
>>> production environment? I know some still turn it off.
>> If you have machines purposely serving things to the masses on the
>> Internet, you should take the time to make SELinux work properly on
>> those machines.
> Another statistic I'd like to see is how much admin time this costs on
> the average to learn and implement.   Has anyone really measured this?
>   Are there training courses specifically to cover it?   You might get
> an idea from the length and cost of the training if it covers all the
> quirks.   These days most of the built-in stuff is pre-configured for
> someone's idea of working (apache not being able to send mail doesn't
> match my definition, though...), but any third-party or local
> additions to a targeted service will take time to set up.

Or, a local pet peeve, I'd like to see some game plan as to how selinux
will support third-party apps that are not built with any awareness of
selinux. For me, that's CA's siteminder.