Fedora is poorly documented.

Fedora is poorly documented.

Posted Aug 18, 2005 15:45 UTC (Thu) by Junior_Samples (guest, #26737)
Parent article: An overview of multilevel security

While SELinux has great potential, it seems that it offers very little to the ordinary user. The default configuration of Fedora is geared toward an enterprise server, not a desktop user. As it stands, SELinux on Fedora doesn't do much to protect the average workstation/desktop user from hax0rs.

Poor documentation and lack of communications only make matters worse. During a recent upgrade, Fedora added a audit-libs as a dependency for SELinux. So yum happily installed audit-libs. Now cryptic audit messages are constantly spewed onto to my console. Not a warning or a peep from Fedora. Just a rude unwanted "Easter Egg" as a side effect of an upgrade. So even though my plate is alreay piled high, I must find a few hours of free time to learn and configure auditing. I didn't ask for this. It was dumped on me without permission.

As it stands, the only folks getting much use out of SELinux are those who have turned SELinux into a hobby, much like those devoted to Gimp and other time sinks. The learning curve for SELinux is steep, and in its default configuration does very little to squelch day-zero vulnerabilities.

Why is there no comprehensive user's guide to SELinux provided with the Linux documentation? Presumably anyone deploying SELinux in an enterprise situation would need such a document. The O'Reilly book on SELinux is only so-so, not to mention out of date with the current state of SELinux. What is needed is a good user's guide with examples. And it should be provided with SELinux as part of the standard install.

It is foolish to think that someone can effectively administer a complicated security system based on glancing at a couple of worthless man pages or reading the source code. Poor documentation continues to be Linux's most glaring weakness.

---

(Log in to post comments)