SELinux last straw

[Les Mikesell]

Arthur Pemberton wrote:

>>>> SELinux may
>>>> APPEAR to be the root cause of all your problems.  But it may only be
>>>> part of a chain reaction rooted somewhere else on your system.
>>>> SELinux may not be the cause, but perhaps the messenger, the visual
>>>> cue, the "chain" that you've now developed tunnel vision for and blame
>>>> for everything.
>>>>
>>> Turn off SELinux and you may actually be simply medicating the
>>> symptoms, not treating the root cause.
>> Yes, but there doesn't seem to be an exact science here, with weekly
>> updates being needed that break some things for some people...
> 
> We have no evidence of that, at least not in the general fedora list.
> Maybe in the fedora-testing list.

Umm, OK... I guess this thread doesn't exist.

>> I think there is a good argument for understanding and using the simple
>> traditional unix security mechanisms that have served well for the last
>> 30 years until SELinux is stabilized to a point that it doesn't cause
>> surprises - especially if you run things that aren't included in the
>> distribution.
> 
> Please don't start this crap again.

I'll stop it when there is a methodology for someone to solve the kind 
of problem that Karl reports.  With traditional unix security a few 
simple checks can determine the status and any similar problem reported 
to this list would have an immediate response with the fix or a test to 
identify the problem.  With this, we not only do not have an answer, in 
the months this thread has continued, not only is there not a fix, no 
one has produced a diagnostic test to even identify the issue.

How are you supposed to determine the 'correctness' of a given setup?

-- 
   Les Mikesell
    lesmikesell at gmail.com