On Mon, Jul 23, 2007 at 04:38:49PM -0700, Zhi-Wei Lu wrote:
> ...
> Many times, one does not think that it is an SELinux related issue
> and waste a lot of energy trying to debug the problem. I am just
> wondering how people are coping with SELinux: love it, hate it,
> disable it, disable some transactions. I would really like to hear
> the words of wisdom on this topic.
I, too, am worried about SELINUX. I would work with it more, but
there seems to be little accurate information about configuring it
for new apps (such as OpenVPN). I set it to permissive, and may turn
it off entirely unless I can find better info about configuration
with SL5.
Local acquaintance Crispin Cowan developed AppArmor, now a part of
Novell/SUSE. Crispin makes a convincing ease-of-use case for the
now-free-and-open AppArmor, and I might use that instead of SELINUX
if the config files become available for SL5. Crispin will be at
OSCON this week, and I expect to see him a few times; if anyone
wants me to ask him more questions about AppArmor, I can. AppArmor
might prove an interesting alternative for the SL5 user community
to develop and use as an add-on package.
Keith
--
Keith Lofstrom [log in to unmask] Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
|