[LINK] WP: The Pentagon is turned on by eWar
David Boxall
david.boxall at hunterlink.net.au
Thu Apr 12 10:38:10 AEST 2012
On 11/04/2012 5:35 PM, Rachel Polanskis wrote:
> Has anyone here actually used SELinux - I did but only for a trial while I did my Redhat studies,
> for about 3 weeks.
>
> It's "not very nice to use".... I will not go into details, but it is pretty heavy duty stuff that logs
> just about every action on the system. Some rulesets can be created to permit various functions, but I found it a particular hassle. In the end, you also need to hack your apps
> (ie have source code and a room of appropriately shaved monkeys to support it) to use all
> the features and god forbid you want backups restored or have to do DR on it...... One of the annoying bits is having to recast shell scripts and so on if they needed to work in the secure realm. Some things will not work at all for various reasons, so you have to destress the secure
> bits if you want to use them.
>
> I also tried Trusted Solaris a few years ago and likewise found that difficult to use,
> so I do not know how regular users coped with it.....
> ...
Reminds me of a conversation I had, decades ago, with the head of
security of a government department: security's an inconvenient bore -
until something goes wrong. Then, the lack of it is the inconvenience.
--
David Boxall | Any given program,
| when running correctly,
http://david.boxall.id.au | is obsolete.
| --Arthur C. Clarke
More information about the Link
mailing list