LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Not really

Not really

Posted Jul 10, 2008 7:34 UTC (Thu) by edomaur (subscriber, #14520)
In reply to: Not really by nix
Parent article: SELinux and Fedora 

What I think is utterly useless, is the way error messages are written. The "access denied"
message doesn't give enough information to really help. Generally speaking, I do not work with
SELinux because it is too much work to do the easy part of securing a server. But when I have
no choice and _must_ use SELinux, one of the first thing I do is tagging its error messages
with a nice "[SELINUX]" sticker. Much headache can be avoided...

There is also the problem of the complexity of SELinux : ok, this is a very good security
framework, but it is too hard to explain and to use to/by a casual sysadmin (which is somewhat
common). If someone doesn't want to be bothered with learning the intricacies of SELinux, he
will just disable the policies, or switch to a distro without SELinux enabled by default.

(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds