> I see your point - that there are levels of system > administrators...those that invest the time and energy into obtaining > the knowledge necessary to maintain their systems and those that rely on > point and click tools and where lacking the point and click tools and > the knowledge, opt out for expedience. > > I agree that many opt out for expedience...too bad. Something inside > tells me that many of these people chide Windows systems for a lack of > security but I digress. I'm not a sysadmin (but hope to develop my skills and become one in my next life). But I can see why a sysadmin would want a user friendly interface and abundant (and clear) documentation to manage all aspects of SELinux. I can imagine that many sysadmins are quite busy as it is. Trying to wrap their heads around SELinux may be a challenge. Certainly not rolling out security features for a customer could come back and bit us. But also not being able to maintain the customer's system running smoothly (or can't get certain parts working at all) without investing more time than is available in a day is no doubt not an option for some sysadmins. And if the downed system is costing the customer considerable loss of revenue then getting it up and running ASAP may be the first priority, not getting it up and running with maxium security features implemented. Security is an afterthough in some cases, and of lesser concern unless it impacts the bottom line. I suspect not many sales managers would tell you to take an extra 1/2 day or longer to trouble shoot an application issue before resuming online sales if it can be resolved in a matter of seconds by simply disabling that application. Risks vs benefits as it relates to the bottom line. I may be totally off the mark here. But that's my best guess at what some sysadmins are likely dealing with and why mastering SELinux is not a priority for them (or more accurately for their company). Jacques B.
