Another selinux rant

[Ed Swierk]

On 1/3/08, Andrew Farris <lordmorgul at gmail.com> wrote:
> Ok I understand then, however I'd just comment that as a gauge of usability I
> think your situation (moving configurations across platforms, from no selinux to
> selinux) is somewhat of a fringe case.  I realize that MANY admins would be
> doing just that in the process of adopting selinux since rewriting
> configurations is a major pain, but its still something that can almost be
> expected to cause headache (and requires labeling).  Just my 2c on usability, it
> still seems to work best when you start out from install with selinux enabled
> and avoid deliberately circumventing it.

Believe me, as an engineer I understand how annoying it is to learn
that a user has given up in frustration after 10 minutes just because
they ran into trivial issue like a bug in the installer. Unfortunately
the most luxuriously smooth freeway in the world will lie unused if
the on-ramps are full of land mines. :-)

> Would you say that documentation on that specific issue (migrating
> configurations) needs more attention?

I think improving error messages and warnings and default behavior
(see my earlier comments on tar and ls) is more worthwhile than
writing documentation, as the latter tends not to get read.

--Ed