No more selinux-policy-*-sources
Harry Hoffman
hhoffman at ip-solutions.net
Tue Mar 14 14:25:06 UTC 2006
I'm not sure I buy that SELinux is doomed.
While it may be complex we use it on all of our linux servers and
desktops. We've had a few problems but that caused us to read the docs
and learn how to write policy to deal with these things.
Just like any new technology there are going to be learning curves, but
that doesn't stop many from learning other really complex systems that
now seem simple.
I think that as more and more people begin "tinkering" with selinux
we'll begin to see more and more tools that allow most non-technical
people to deal with the issues interacting with selinux.
Cheers,
Harry
--
Harry Hoffman
Integrated Portable Solutions, LLC
877.846.5927 ext 1000
http://www.ip-solutions.net/
Arjan van de Ven wrote:
<snip>
>
> maybe it's time to accept that SELinux as technology is doomed. Not
> because the code is bad, but because it's Just Too Complex(tm).
> Complexity kills, and I think the time it is taking to get to the point
> where at least less than 99% of the people turns selinux off first thing
> is waay too long already.
>
> Maybe it's a matter of focus; sometimes I get the impression the focus
> is to give more coverage rather than to get the existing coverage to the
> point where people use it... but maybe the later is just so much work
> and so time consuming that it takes more time to get it than it takes
> the codebase to change again.
>
More information about the fedora-devel-list
mailing list