On 31.12.2011 05:02, Brad Knowles wrote:
> On Dec 30, 2011, at 8:40 PM, Alex Howells wrote:
>
> > Whilst I appreciate you will never cater to all needs, and there is a core of 'power user' out there who will always do their own thing, the recommended route for deploying chef-client (which seems to be heading in an Omnibus direction) needs to cater for the masses, and that *does* mean things like SELinux (amongst other things) will become increasingly important to support properly.
>
> I'm not convinced that SELinux is something that the "masses" deal with today, or that it is something they will be dealing with in the near future. I
>
> --
> Brad Knowles
> SAGE Level IV, Chef Level 0.0.1
I have to agree that SELinux is not a widely used system in my experience (usually disabled because it causes more trouble than it helps to secure).
As a sysadmin I prefer to ensure critical system parts are secured in a usual way rather than relying on SELinux, which would need me to add one more rule to do a dumb thing touching system files.
I have a point of view, which is: relying on SELinux and saying the box is secure is the same as thinking you'll be able to stop properly when driving at 200 km/h with ABS on a rusty car. In brief: fix the car before adding drive assists to it.
So if you really rely on SELinux and can't do an update path using chef, there's a problem in the way SELinux is configured.
Tensibai.