Posted Jul 11, 2008 14:52 UTC (Fri) by yyidth (guest, #18842)
Parent article: SELinux and Fedora
Honestly, please stop writing articles like this. Why is LWN acting as an apologist for a
failed security infrastructure? The kernel team has all but kicked them out with the opening
of the LSM API and inclusion of SMACK in the source tree. In 5 years those of us who are
professional Unix admins will look back at SELinux with annoyance and be glad it's gone. One
or another of the current crop of tools with equivalent functionality, a usable configuration
methodology and complete documentation will have replaced it across the board.
I have a great deal of respect for both the work and the workers that is SELinux. It was
basically the first, but as is often the case with a first attempt at a new tech, the
implementation falls off the mark. In the case of SELinux a mistake was made in moving too far
away from standard Unix behavior and a config system that seems to try its best to be obtuse.
On top of the complete lack of documentation and the complete uselessness of the log messages,
SELinux ends up being unusable by a busy professional admin.
And so, until Fedora, Red Hat, Ubuntu and the like move forward, problems with SELinux are best
dealt with using the directive SELINUX=disabled in /etc/selinux/config.