[CentOS] SELinux and access across 'similar types'

Les Mikesell lesmikesell at gmail.com
Wed Jan 11 16:42:08 UTC 2012


On Wed, Jan 11, 2012 at 9:15 AM, Lamar Owen <lowen at pari.edu> wrote:
> On Tuesday, January 10, 2012 04:38:27 PM Les Mikesell wrote:
>> But the hardest part is that these things are application specific and
>> there is no standardization for locations where applications do
>> things.  In fact, distributions intentionally move those locations
>> around in their packaging.
>
> Good morning, Les.
>
> Distribution differences are the price we pay for choice.  Distributions are (and should be) free to put things where they see fit.  Each major distribution I've looked at has had good reasons for the different choices that they have made.

If the first thing you saw on a unix-like system was the horror of
autoconf, would you have taken a second look?  This is an even worse
situation, because there is no equivalent way to describe what you
want across flavors.  I'm not saying that distribution packagers
shouldn't be free to break whatever applications they want, and that
sysadmins shouldn't be allowed to break even more, I'm saying it would
be better if that didn't happen because they didn't understand what
the application writer intended.  How is the application developer
(unquestionably the expert on the application needs) supposed to
describe those needs to SELinux in a way that can work across
distributions without 'less-expert' people guessing about them?

>
> You have the wrong analogy.  Linux today is in a state quite similar to the state of the automotive industry before Henry Ford.  Every car was unique, parts didn't interchange, roads were a mess, and people as hobbyists/enthusiasts built their oen cars (not from kit parts like most of today's auto enthusiasts) from scratch.  Or the days of airplanes prior to World War I.  Things did crash and burn, and it was an enthusiast's world.

I guess you are right about the state of the art and that it is as
wrong to expect things to work as it was to expect flying cars by now.
 But it would have been fun.

-- 
  Les Mikesell
    lesmikesell at gmail.com



More information about the CentOS mailing list