selinux is a pain
Tim
ignored_mailbox at yahoo.com.au
Sun Sep 25 12:54:50 UTC 2011
On Sat, 2011-09-24 at 19:43 -0700, Craig White wrote:
> Your choice not to use it is of course your own but I can assure you
> that it is indeed possible to use it, create a reasonably effective
> security layer through it with a minimum level of difficulty - or at
> least a manageable level of difficulty if you are pre-disposed to
> creating files in one location and moving them to an entirely
> different location which is certain to create contextual problems.

By and large, I wouldn't put learning to deal with SELinux, properly,
about on a par with learning to firewall a network properly. And
similarly painful for people to deal with when they have strange/dopey
work habits.

I wish the context names weren't so darn weird though. Long to type,
and unintuitive.

e.g. "unconfined_u:object_r:user_home_t" I'd *have* to read a manual to
know what "u," "r," and "t" refer to. You can't tell just by reading
them.

--
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686
Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.
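
An added example, not part of the original post: the label quoted above is a colon-separated SELinux security context of the form user:role:type with an optional MLS/MCS level, and this sketch splits one by position. The names parse_context, explain and SAMPLES are hypothetical, the sample labels are constructed, and the level pattern assumes the default sN/cN sensitivity and category names.

```python
import re
from typing import NamedTuple, Optional

class Context(NamedTuple):
    user: str             # SELinux user identity, conventionally *_u
    role: str             # role, conventionally *_r (object_r on files)
    type: str             # type or domain, conventionally *_t
    level: Optional[str]  # MLS/MCS level or range; may be absent

# Assumption: default sN / cN sensitivity and category names.
_LEVEL = r"s\d+(?::c\d+(?:[.,]c\d+)*)?"
_RANGE = re.compile(rf"{_LEVEL}(?:-{_LEVEL})?")

def parse_context(label: str) -> Context:
    """Split a context by position; the suffixes are only a naming convention."""
    # maxsplit=3: the level field can itself contain ':' (e.g. s0:c0.c1023),
    # so a plain split(':') would cut it into extra pieces.
    parts = label.strip().split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"need user:role:type[:level], got {label!r}")
    level = parts[3] if len(parts) == 4 else None
    if level is not None and not _RANGE.fullmatch(level):
        raise ValueError(f"bad MLS/MCS level {level!r} in {label!r}")
    return Context(parts[0], parts[1], parts[2], level)

def explain(label: str) -> str:
    """One-line, human-readable rendering of a context."""
    c = parse_context(label)
    return (f"user={c.user} role={c.role} type={c.type} "
            f"level={c.level or '(none)'}")

# Constructed sample labels; the first is the one quoted in the post.
SAMPLES = [
    "unconfined_u:object_r:user_home_t",
    "unconfined_u:object_r:user_home_t:s0",
    "system_u:system_r:httpd_t:s0-s0:c0.c1023",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(explain(s))
```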