From owner-freebsd-questions@FreeBSD.ORG Sat Dec 18 00:11:05 2010
Message-ID: <4D0BFB43.7020506@herveybayaustralia.com.au>
Date: Sat, 18 Dec 2010 10:07:31 +1000
From: Da Rock
To: freebsd-questions@freebsd.org
References: <4D0B4D1D.8010700@gmail.com> <20101217152709.GE94554@gizmo.acns.msu.edu> <4D0B84F5.4010905@unsane.co.uk> <20101217160221.GB94970@gizmo.acns.msu.edu>
Subject: Re: SEBSD is dead?

On 12/18/10 08:20, David Brodbeck wrote:
> On Fri, Dec 17, 2010 at 8:02 AM, Jerry McAllister wrote:
>
>> Anyway, SeLinux ain't 100% popular over there I noticed.
>> Maybe it is just a matter of getting used to it. I got
>> tired of reading the posts on it, so haven't figured out
>> if they were substantive or just whiney.
>>
> The problem with SELinux is it becomes very difficult to configure
> properly if you don't have a normal, out-of-the-box configuration.
>
> For example, I never did figure out how to keep it from blocking an
> rsync backup. I disabled it after that, because a system I can't back
> up is pretty useless no matter how secure it is. :)
>
I always thought it was a PITA, but I did figure out a couple of things (after hours fart-assing around). You have to take the error and make it into a module that allows the process to continue, but I don't blame anyone for just walking away- sometimes even then it still didn't work.

Mind you, unlike most things, you can't just stow the info away for quick retrieval to adjust something on the fly- it still takes you that long again: 1) you have to follow a different method again for each instance and 2) it's an impossible process to remember! :) Not to mention that it can cascade errors... it's a hydra- fix one and another 2 errors crop up!

As for whiney- I was one of those (supposedly), and you're just told to shut up and take it because security is more important, and you should take the time to learn something (that will take the same length of time to fix _every_ time). I agree on the security, but the usage and howto shouldn't be so obscure as to confuse even the most determined learner.