SEBSD is dead?

[Da Rock]

On 12/18/10 08:20, David Brodbeck wrote:
> On Fri, Dec 17, 2010 at 8:02 AM, Jerry McAllister<jerrymc at msu.edu>  wrote:
>    
>> Anyway, SeLinux ain't 100% popular over there I noticed.
>> Maybe it is just a matter of getting used to it.  I got
>> tired of reading the posts on it, so haven't figured out
>> if they were substantive or just whiney.
>>      
> The problem with SELinux is it becomes very difficult to configure
> properly if you don't have a normal, out-of-the-box configuration.
>
> For example, I never did figure out how to keep it from blocking an
> rsync backup.  I disabled it after that, because a system I can't back
> up is pretty useless no matter how secure it is. :)
>    
I always thought it was a PITA, but I did figure out a couple of things 
(after hours fart-assing around). You have to take the error and make it 
into a module that allows the process to continue, but I don't blame 
anyone for just walking away- sometimes even then it still didn't work.

Mind you, unlike most things, you can't just stow the info away for 
quick retrieval to adjust something on the fly- it still takes you that 
long again: 1) you have to follow a different method again for each 
instance and 2) its an impossible process to remember! :)

Not to mention that it can cascade errors... its a hydra- fix one and 
another 2 errors crop up!

As for whiney- I was one of those (supposedly), and you're just told to 
shut up and take it because security is more important, and you should 
take the time to learn something (that will take the same length of time 
to fix _every_ time). I agree on the security, but the usage and howto 
shouldn't be so obscure as to confuse even the most determined learner.