Re: SELinux - way of the future or good idea but !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



----- Original Message ----- 
From: <cpolish@xxxxxxxxxxxx>
> Christopher Chan wrote:
>> Les Mikesell wrote:
>>
>> >> All of the third-party software I run seems to run just fine, as long 
>> >> as the right contexts are applied.
>> >
>> > Well, obviously it will work after someone takes the time to make it
>> > work.  Now it is your turn to quantify:  How much would you charge to
>> > teach someone to be able to make those changes and how long would it
>> > take?  This has to include the ability to quickly diagnose and fix any
>> > problem that might be caused by updates to the application or to the OS
>> > distribution.
>> >
>>
>> As was already mentioned in another post, run in permissive mode, for a
>> few days if you must, and go through all the things the software does
>> and voila! setroubleshoot and/or logs tell you what needs doing.
>
> Very optimistic, that. In my shop, some things run annually.
> A comprehensive system test = production, for a year. Just
> this morning a 1099 (annual tax-form) script failed in test.
>


For some reason, I suspect that these annual stuff would be largely run by 
hand. Of course, it would be nice if you don't have to get a call for these 
annual stuff but I do not see that as absolutely so disabling that SELinux 
has to be disabled. 


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux