Hi Russell,
--On Wednesday, April 14, 2004 12:08 AM +1000 Russell Coker
<russell(a)coker.com.au> wrote:
The problem with RHEL 3 is that some changes to significant parts of
it
are needed, coreutils, PAM, sysvinit, and a few others. The advantage
for using RHEL 3 in production is that it's not changing much, so as
long as those few packages aren't updated you don't need to re-compile
anything. If those packages are updated then someone will have to
recompile the SE Linux versions.
Yes, we're in close agreement: there's a significant burden involved in
running SELinux under RHEL. Only those who're comfortable tweaking source
code should even consider doing so. I'm a bit crazy <g>: I've actually
backported SELinux to RHL 7.x for use in an appliance based on that
release. But, I've only gotten as far as coaxing the code to compile; I
haven't yet done any testing. When I do, I may find that I have a lot more
work to do <g>.
Also there are some programs such as userhelper which have had SE
Linux
support added for which you probably wouldn't want to do a RHEL 3 port.
This means that your RHEL 3 machine will lack some of the SE Linux
functionality that Fedora has (you will need RHEL 4 for full
functionality).
Yes, these added features are a real convenience. But, I don't find them an
absolute necessity. The long maintenance horizon of RHEL 3 helps offset
their absence.
With respect to RHEL 4, I'm hoping for an SELinux Christmas <g>.
Cheers,
---------------------------------------------------
Bill McCarty, Ph.D.
Professor of Information Technology
Azusa Pacific University