On Jan 3, 2008 4:29 PM, Ed Swierk <eswierk@xxxxxxxxxxx> wrote:
> For me learning SELinux seems as pointless as trying to remember
> iptables commands, or AFS trivia back when I was a student--all cause
> me trouble just infrequently enough to ensure I have to relearn them
> from scratch every time. If I were a full-time sysadmin of course it
> would be a different story, but I really don't have the brain cycles
> to remember anything more complicated than chmod and chown, and I
> suspect a large number of accidental sysadmins feel the same.

Well, if it's any consolation, there are those of us who really quite appreciate SELinux. It's really not that intrusive in targeted mode -- I've been running my workstations in enforcing mode for the past 2 years, and it's only fairly rarely that I find something that's not working because of SELinux. In these cases, if it's something that I have to do on a one-off basis, I just do "setenforce 0" and then "setenforce 1" when I'm done (or just leave it as is until next reboot).

Yes, SELinux is very complex, but that's because what it's trying to do is also very complex. However, it's not insurmountable to learn. Take it from someone who had to write an SELinux policy -- it took me a week's worth of effort to get to the point where it worked as intended, but I finally got there. Once you wrap your brain around it, it's fairly straightforward.

Regards,
--
Konstantin Ryabitsev
Montréal, Québec