SEBSD is dead?
freebsd-questions at herveybayaustralia.com.au
Sat Dec 18 00:11:05 UTC 2010
On 12/18/10 08:20, David Brodbeck wrote:
> On Fri, Dec 17, 2010 at 8:02 AM, Jerry McAllister<jerrymc at msu.edu> wrote:
>> Anyway, SeLinux ain't 100% popular over there I noticed.
>> Maybe it is just a matter of getting used to it. I got
>> tired of reading the posts on it, so haven't figured out
>> if they were substantive or just whiney.
> The problem with SELinux is it becomes very difficult to configure
> properly if you don't have a normal, out-of-the-box configuration.
> For example, I never did figure out how to keep it from blocking an
> rsync backup. I disabled it after that, because a system I can't back
> up is pretty useless no matter how secure it is. :)
I always thought it was a PITA, but I did figure out a couple of things
(after hours fart-assing around). You have to take the error and make it
into a module that allows the process to continue, but I don't blame
anyone for just walking away- sometimes even then it still didn't work.
Mind you, unlike most things, you can't just stow the info away for
quick retrieval to adjust something on the fly- it still takes you that
long again: 1) you have to follow a different method again for each
instance and 2) its an impossible process to remember! :)
Not to mention that it can cascade errors... its a hydra- fix one and
another 2 errors crop up!
As for whiney- I was one of those (supposedly), and you're just told to
shut up and take it because security is more important, and you should
take the time to learn something (that will take the same length of time
to fix _every_ time). I agree on the security, but the usage and howto
shouldn't be so obscure as to confuse even the most determined learner.
More information about the freebsd-questions