first encounters with SELINUX, with some suggestions

Thomas Vander Stichele thomas at apestaart.org
Thu Nov 11 17:00:33 UTC 2004 

Hi,

> >Oh, I'm sure there are developers dogfooding it.  My point is that *all*
> >of the Red Hat developers should be dogfooding it if you think SELINUX
> >should be the default (which I assume is being thought since it's the
> >default in anaconda).
> >  
> >
> 
> Why *all* so vehemently? There are devel issues other than selinux that 
> occaisionally
> crop up, and there is still a need to develop software that is (not yet 
> anyways ;-) infected
> with selinux.

Sure - but if Red Hat feels it is ready to be a default, surely it can't
be to much to ask that *all* developers respect that default and use
it ? I can't see what issues for them would be unfixable *if* your claim
that targeted is drop-in replacement is true.

Face it - lots of people have the attitude of "I'm just going to not try
SELINUX until it seems to be ready".  That's not a good attitude, but
it's especially not a good attitude when those people are Red Hat
developers.

> OTOH, I fully understand your out-of-box introduction to selinux trying 
> to run mach.

My issues up to this point were completely unrelated to mach.  Mach is
one of the reasons why I feel urged to run with targeted - I want to be
able to hit bugs that the common user will run into, so I can find a
solution in advance.

> Perhaps *you* should have started dog-fooding selinux sooner. It's not 
> exactly like
> the SELinux clouds have not been gathering for quite some time.

Exactly.  I have.  Issues have ranged from "I couldn't even boot because
(I realize now) my /home was not labeled correctly and the installer
didn't think of doing that" to "All sorts of things didn't work,
including playing CD's".  These are basic issues that should be caught
by *red hat devs* before they hit outside users IMO.

It's pretty simple - if people at red hat were all happily running
SELINUX, there'd be less negative energy towards SELINUX from the
outside.  As it stands, there are red hat developers who are negatively
promoting SELINUX, and you seem to suggest that *I* could solve this by
dogfooding in their place.

I'm trying to explain where this negative energy is coming from so that
the SELINUX transition goes better eventually.

Thomas



Dave/Dina : future TV today ! - http://www.davedina.org/
<-*- thomas (dot) apestaart (dot) org -*->
There's a world outside
And I know cause I've heard talk
In my sweetest dreams
I would go out for a walk
<-*- thomas (at) apestaart (dot) org -*->
URGent, best radio on the net - 24/7 ! - http://urgent.fm/

More information about the devel mailing list