SELinux for RHEL3
Bill McCarty
bmccarty at pt-net.net
Tue Apr 13 14:42:21 UTC 2004
Hi Russell,
--On Wednesday, April 14, 2004 12:08 AM +1000 Russell Coker
<russell at coker.com.au> wrote:
> The problem with RHEL 3 is that some changes to significant parts of it
> are needed, coreutils, PAM, sysvinit, and a few others. The advantage
> for using RHEL 3 in production is that it's not changing much, so as
> long as those few packages aren't updated you don't need to re-compile
> anything. If those packages are updated then someone will have to
> recompile the SE Linux versions.
Yes, we're in close agreement: there's a significant burden involved in
running SELinux under RHEL. Only those who're comfortable tweaking source
code should even consider doing so. I'm a bit crazy <g>: I've actually
backported SELinux to RHL 7.x for use in an appliance based on that
release. But, I've only gotten as far as coaxing the code to compile; I
haven't yet done any testing. When I do, I may find that I have a lot more
work to do <g>.
> Also there are some programs such as userhelper which have had SE Linux
> support added for which you probably wouldn't want to do a RHEL 3 port.
> This means that your RHEL 3 machine will lack some of the SE Linux
> functionality that Fedora has (you will need RHEL 4 for full
> functionality).
Yes, these added features are a real convenience. But, I don't find them an
absolute necessity. The long maintenance horizon of RHEL 3 helps offset
their absence.
With respect to RHEL 4, I'm hoping for an SELinux Christmas <g>.
Cheers,
---------------------------------------------------
Bill McCarty, Ph.D.
Professor of Information Technology
Azusa Pacific University
More information about the fedora-selinux-list
mailing list