SCIENTIFIC-LINUX-USERS Archives

July 2007

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Does SELinux really worth it?
From:
Keith Lofstrom <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Mon, 23 Jul 2007 22:21:47 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (30 lines) 
On Mon, Jul 23, 2007 at 04:38:49PM -0700, Zhi-Wei Lu wrote:
> ...
> Many times, one does not think that it is an SELinux related issue  
> and waste a lot of energy trying to debug the problem. I am just  
> wondering how people are coping with SELinux: love it, hate it,  
> disable it, disable some transactions.  I would really like to hear  
> the words of wisdom on this topic.

I, too, am worried about SELINUX.  I would work with it more, but
there seems to be little accurate information about configuring it
for new apps (such as OpenVPN).  I set it to permissive, and may turn
it off entirely unless I can find better info about configuration
with SL5.

Local acquaintance Crispin Cowan developed AppArmor, now a part of
Novell/SUSE.  Crispin makes a convincing ease-of-use case for the
now-free-and-open AppArmor, and I might use that instead of SELINUX
if the config files become available for SL5.  Crispin will be at
OSCON this week, and I expect to see him a few times;  if anyone 
wants me to ask him more questions about AppArmor, I can.  AppArmor
might prove an interesting alternative for the SL5 user community
to develop and use as an add-on package.

Keith

-- 
Keith Lofstrom          [log in to unmask]         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs

ATOM RSS1 RSS2