SELINUX

Marko Vojinovic vvmarko at gmail.com
Tue Aug 31 17:51:40 UTC 2010


On Tuesday, August 31, 2010 18:09:03 James Mckenzie wrote:
> Marko Vojinovic <vvmarko at gmail.com> wrote:
> >Yea, sure, can you imagine, one needs to know how to use no less than
> >*two* commands --- chcon and semanage --- this is waaay beyond the
> >capabilities of any mortal sysadmin... And reading their dreaded man
> >pages, oh my, I get scared just thinking about trying to read them...
> 
> Sysadmins should know how to read man pages, that's where they get a lot of
> information from.  I'm speaking from the mortal view point of the person
> migrating from Windows to Linux and they find that they have hosed up
> SELinux beyond repair.

Well, IMNSHO, if an ordinary Windows convert wants for example to set up a 
custom httpd/ftpd/other server, he needs to (a) learn how to do it properly, 
so that SELinux doesn't ever intervene to begin with, and (b) if what he wants 
really requires customizing SELinux, he should learn how to do that as well.

IOW, a Windows convert has no business doing nontrivial stuff on a Linux 
machine if he has no knowledge how to do it. If you don't know how to 
manipulate a gun, better stay away from it. And for ordinary desktop use, the 
default policy seems to be working completely transparently these days. Though 
I admit it was not so a couple of years ago, it took some time for the policy to 
reach this state.

> >There is a saying from where I come from --- people are not divided into
> >competent and incompetent, but into whiners and non-whiners.
> 
> I disagree.  However, that is my opinion and you have yours.  That's why
> life is so interesting.
> 
> I don't divide it that way:  There are the knowing and unknowing.  Those
> who know should be the ones making the changes and documenting them.  The
> unknowing should seek out the knowing to 'show them the way'.  It's called
> education.   However, there are those that will charge ahead into the
> 'cave with the bear without the flashlight'.  Those I would classify as
> what you call 'whiners'.  It is no fun to rebuild a system after they've
> been around.

The meaning of the proverb is maybe somewhat lost in my (clumsy) translation. 
By "competent" you should read "a person who is able to teach himself 
something without being handheld by others all the way". The statement of the 
proverb is that everyone is *able* to get self-taught, but some would rather 
just whine than invest effort to learn.

I think we are talking about the same thing basically. ;-)

Best, :-)
Marko


