On Mon, May 09, 2005 at 11:25:09AM -0400, Valdis.Kletnieks@xxxxxx wrote: > On Mon, 09 May 2005 16:30:43 +0200, Hein Coulier said: > > > That is a bummer ! I read that redhat (even in rhel5) is not supporting the > > strict policy. Since we're running a lot of 3rd party products (oracle, > > websphere, openview, controlm, ...) , i doubt that managment will be willing > > to take the risk of running unsupported. > > > > I'll have to address my supperiors, but i fear it might be over-and-out for > > selinux. > > I remember seeing a statement on a RedHat page that their "lack of support" would > basically mean "replicate your issue with enforcing=0 and then we'll talk", > so things may not be as bad as all that... And how, exactly, is that not equivilant to a complete lack of support for SElinux policy? If RH ships a .te/.fc pair for a particular application, and it causes an application to break, they should be on the hook for at least explaining why the application isn't functional. Of course, having actually been using strict SE for a while, I completely understand why RH isn't going to do this quickly. Perhaps over time they'll begin to support stock policy, but I fear it will be quite a while. Until they do, though, SElinux is going to remain a toolkit for advanced users who are already the least likely to be compromised, and will do nothing for raising the low-hanging fruit. And if they're not going to support it, they might as well not ship it in RHEL. Once you're running an unsupported configuration, one might as well do it for free. ;) -- Erik Fichtner; Unix Ronin "Mathematics is something best shared between consenting adults in the privacy of their own office" - Adam O'Donnell
Attachment:
pgpkG3cV9eO7X.pgp
Description: PGP signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
