Re: SElinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2006-04-03 at 01:04 +0930, Tim wrote:
> On Sun, 2006-04-02 at 08:04 -0700, Craig White wrote:
> > More to the issue however, Linux is both a production and a
> > participatory system where it is expected that a 'user' minimally
> > participate in providing feedback so the product is improved and your
> > suggestions above suggest that your decision to turn it off is formed
> > by an arrogance that has others participating while you opt out.
> 
> Not everyone has the ability to debug every single thing that's wrong
> with Fedora.  There comes a time when you look at what's more of a
> problem to deal with, fixing the problem, stopping using something you
> can't get to work, or stopping using something that's stopping you from
> doing what you want to do.
> 
> I've had to give up fighting with SELinux on one machine, it just gets
> in the way in far too many places, and is a completely user-unfriendly
> system.  You've got extremely obscurely named contexts to set, and
> they've all got to be done through the command line with woeful
> documentation.  I've yet to see a GUI tool where you can list a
> directory, or look at a file, and see that the file is web servable, or
> whatever, or make one so that's not.  And the logging is bloody awful.
> 
> The targeted approach goes some way towards making it a bit manageable
> (only applying SELinux to some predetermined things).  Though, that
> approach, of course, leaves holes where you might be got at.  A little
> security isn't much better than a lot of insecurity.
> 
> The feedback you're seeing from him, and some others, is that its
> current implementation is awful.  It's got to be usable in more senses
> than one.
----
I see your point - that there are levels of system
administrators...those that invest the time and energy into obtaining
the knowledge necessary to maintain their systems and those that rely on
point and click tools and where lacking the point and click tools and
the knowledge, opt out for expedience.

I agree that many opt out for expedience...too bad. Something inside
tells me that many of these people chide Windows systems for a lack of
security but I digress.

I guess if it is my own personal system, that is one thing.

If it is a box that I maintain for a client or my employer, then I
wouldn't want to tell them that I disabled a security system because I
lacked the knowledge to maintain it...but hey, that's me. In fact, I
appreciate the fact that I can hone my skill sets for the systems that I
maintain for others right here on my own personal systems.

Craig


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux