[CentOS] SELinux and access across 'similar types'

Lamar Owen lowen at pari.edu
Wed Jan 11 15:15:20 UTC 2012 

On Tuesday, January 10, 2012 04:38:27 PM Les Mikesell wrote:
> But the hardest part is that these things are application specific and
> there is no standardization for locations where applications do
> things.  In fact, distributions intentionally move those locations
> around in their packaging.

Good morning, Les.

Distribution differences are the price we pay for choice.  Distributions are (and should be) free to put things where they see fit.  Each major distribution I've looked at has had good reasons for the different choices that they have made. 

> That reputation is well deserved.  Would it not have made sense to
> have the needed diagnostic tools before shipping the thing that needs
> it?

No, it wouldn't have.  With open source being a 'scratch your own itch' thing, and with Fedora well-placed in the 'hobbyist/enthusiast/not a normal user' domain, this somewhat 'forces' the issue of getting things fixed.  Otherwise things would likely not have been fixed at all.
 
> And wouldn't it have been a good idea to have the documentation before
> turning on something non-standard that breaks things?

If Fedora were a commercial product, sure.  It isn't; documentation follows code in open source, full stop.  Whether that's the way it should be or not, it is the way it is, and I for one prefer true developer freedom to choose the way to develop.  If an open source development group wants to write docs first, and then implement, they have the freedom to do so.  If a development group doesn't want to write any documentation at all, but just hand out the source, then that development group has the freedom to do so (and users have the freedom to use or not use that software).  Companies wanting to productize open source should do their homework and write their own docs; Red Hat for one has done that, and the docs are quite good.

> Yeah, the whole idea seems like what a car company would have to do to
> come back after selling a model that gets a lot of publicity for
> crashing and burning.   The earlier opinions weren't wrong, after all.

You have the wrong analogy.  Linux today is in a state quite similar to the state of the automotive industry before Henry Ford.  Every car was unique, parts didn't interchange, roads were a mess, and people as hobbyists/enthusiasts built their oen cars (not from kit parts like most of today's auto enthusiasts) from scratch.  Or the days of airplanes prior to World War I.  Things did crash and burn, and it was an enthusiast's world.

And thus far no one of whom I am aware has died due to an SELinux problem.

More information about the CentOS mailing list