SELINUX

[James Mckenzie]

Marko Vojinovic <vvmarko at gmail.com> wrote:
>Sent: Aug 31, 2010 9:55 AM
>To: users at lists.fedoraproject.org
>Subject: Re: SELINUX
>
>On Tuesday, August 31, 2010 15:34:42 James Mckenzie wrote:
>> Tim <ignored_mailbox at yahoo.com.au> wrote:
>> >On Tue, 2010-08-31 at 00:15 +0000, JB wrote:
>> >> Well, if selinux is the best that happened to security since sliced
>> >> bread, then why people make these comments ?
>> >
>> >Because people like to bitch, particularly the ignorant ones.
>> 
>> Maybe because SeLinux is harder than hell to configure, if your favorite
>> application is not already configured.  This is BY DESIGN to prevent
>> 'ordinary' users from mucking around in it.
>
>Yea, sure, can you imagine, one needs to know how to use no less than *two* 
>commands --- chcon and semanage --- this is waaay beyond the capabilities of 
>any mortal sysadmin... And reading their dreaded man pages, oh my, I get 
>scared just thinking about trying to read them...
>
Sysadmins should know how to read man pages, that's where they get a lot of information from.  I'm speaking from the mortal view point of the person migrating from Windows to Linux and they find that they have hosed up SeLinux beyond repair.

>There is a saying from where I come from --- people are not divided into 
>competent and incompetent, but into whiners and non-whiners.

I disagree.  However, that is my opinion and you have yours.  That's why life is so interesting.

I don't divide it that way:  There are the knowing and unknowing.  Those who know should be the one's making the changes and documenting them.  The unknowing should seek out the knowing to 'show them the way'.  It's called education.   However, there are those that will charge ahead into the 'cave with the bear without the flashlight'.  Those I would classify as what you call 'whiners'.  It is no fun to rebuild a system after they've been around.

James McKenzie