I'm not sure I buy that SELinux is doomed. While it may be complex, we use it on all of our Linux servers and desktops. We've had a few problems, but that caused us to read the docs and learn how to write policy to deal with these things. Just like any new technology, there are going to be learning curves, but that doesn't stop many from learning other really complex systems that now seem simple. I think that as more and more people begin "tinkering" with SELinux, we'll begin to see more and more tools that allow most non-technical people to deal with the issues interacting with SELinux.

Cheers,
Harry

--
Harry Hoffman
Integrated Portable Solutions, LLC
877.846.5927 ext 1000
http://www.ip-solutions.net/

Arjan van de Ven wrote:
<snip>
>
> maybe it's time to accept that SELinux as technology is doomed. Not
> because the code is bad, but because it's Just Too Complex(tm).
> Complexity kills, and I think the time it is taking to get to the point
> where at least less than 99% of the people turn SELinux off first thing
> is waay too long already.
>
> Maybe it's a matter of focus; sometimes I get the impression the focus
> is to give more coverage rather than to get the existing coverage to the
> point where people use it... but maybe the latter is just so much work
> and so time consuming that it takes more time to get it than it takes
> the codebase to change again.
>

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list