SCIENTIFIC-LINUX-USERS Archives

February 2017

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: certbot letsencrypt renewal selinux borkage
From:
Konstantin Olchanski <[log in to unmask]>
Reply To:
Konstantin Olchanski <[log in to unmask]>
Date:
Fri, 10 Feb 2017 09:36:40 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (25 lines) 
On Fri, Feb 10, 2017 at 01:51:40PM +0100, David Sommerseth wrote:
> 
> Manipulating the SELinux policy can be hard if you haven't done it
> before - but once you know the tools and understands the concept, it is
> fairly simple.
> 

Everything is easy, but there is only 24 hours in the day. I am not a 100% full time
sysadmin, this just a small part of what I do, and it disturbs me when
basic OS functions (like running an https web server) misbehave
and the best response is "let's hack selinux together". (other than watching
the football game between certbot and selinux packagers, the *other* football
game over the nfs-selinux bug is quite amusing, in the current round the selinux
people are objecting to granting "too many permissions, too many exceptions").

If you say "this guy wants the sun, the moon and the stars for free", tell me,
can I have a working https web server by paying money? ("yea, just hire the certbot
packager dude already").

-- 
Konstantin Olchanski
Data Acquisition Systems: The Bytes Must Flow!
Email: olchansk-at-triumf-dot-ca
Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada

ATOM RSS1 RSS2