Re: SELinux - way of the future or good idea but !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 12/8/10 4:42 AM, David Sommerseth wrote:
> On 30/11/10 17:21, Les Mikesell wrote:
>> On 11/30/2010 9:51 AM, Lamar Owen wrote:
>>>
>>> If a particular app is so recalcitrant that SELinux needs to be turned off, that's when I'd be doing some drastic things, much like windows lab environments need done.  Things like automatic revert to known-good snapshot on the production boxes for all but the data files.  Things like isolation in a VM for those apps.  Of course, that's also work, and getting SELinux working properly might be less work.  Everyone wants less work per project to get more projects done, of course, but cutting corners is still cutting corners and one day it will come back to haunt the corner-cutter.
>>>
>>>> Now it is your turn to quantify:  How much would you charge to
>>>> teach someone to be able to make those changes and how long would it
>>>> take?  This has to include the ability to quickly diagnose and fix any
>>>> problem that might be caused by updates to the application or to the OS
>>>> distribution.
>>>
>>> To teach, $50 per hour (if I were available to teach; at the moment I'm full on my work hours).  The number of hours would depend upon the complexity of the application; for Scalix, assuming no familiarity with either Scalix or SELinux, eight to sixteen hours (one-two days).
>>
>> I'm not talking about a particular app.  The thing I want quantified is
>> what it will cost to train some number of people to be able to
>> troubleshoot any problem that SELinux might cause with any app, given
>> potential changes in updates to both the distribution provided stuff and
>> the 3rd party coding at any time.
>
> <https://www.redhat.com/courses/rhs429_red_hat_enterprise_selinux_policy_administration/>
>
> Complete this one with the exam, and you're certified on SELinux on RHEL.
>
> It might be other offerings as well, but I don't know about those.

Thanks - $3K and 4 days per operator and perhaps some developers seems like a 
reasonable starting point to consider - on top of an RHCE.

-- 
    Les Mikesell
     lesmikesell@xxxxxxxxx

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux