Thomas Vander Stichele wrote:
All RH developers do not work on FC3. (A lot run on RHEL 3 and AS 2.1). SELinux with strict policy was very difficult to develop on so a lot of developers turned it off, now that it is targeted policy, they are using it more and more. Most of the problems we are seeing now are with different Apache setups, which most developers would not have discovered on the desktop.

Hi,

- A lot of developers I know, including a bunch at Red Hat, *turn off SELINUX entirely*. IMO, something that gets pushed as heavily as this should be dogfooded by the development team at Red Hat completely, so they encounter firsthand what it means and how to fix basic issues.

FWIW I have three machines here, of which two have SELinux always on in enforcing mode, and the third sometimes on (dogfooding Rawhide here, so sometimes things break...). They're all using the targeted policy.

Oh, I'm sure there are developers dogfooding it. My point is that *all* of the Red Hat developers should be dogfooding it if you think SELINUX should be the default (which I assume is being thought since it's the default in anaconda).

My sample of developers was not correctly chosen if I wanted half of them to run it. But I think *all* of them should run it, and they should come to you or Karsten or Colin when they run into stuff they can't figure out, so that it becomes impossible for me to find even one RH developer that doesn't know basic stuff about SELINUX.

For any other subsystem I would say this ideal was utopian; for something that's this impacting on end users I'd say it's a necessity. But, of course, just my POV :)
Thomas
Dave/Dina : future TV today ! - http://www.davedina.org/
<-*- thomas (dot) apestaart (dot) org -*->
If you don't ask me out to dinner I don't eat
<-*- thomas (at) apestaart (dot) org -*->
URGent, best radio on the net - 24/7 ! - http://urgent.fm/