Just attended a talk by Ralph Angenendt on selinux.  Most of what he said concerned selinux with apache, and much of it was negative: error messages are unhelpful, it’s under-documented, and he’s not aware of anyone working to make apache selinux-aware.  Furthermore, a lot of selinux policies duplicate the functionality of apache’s own configuration directives: for example, selinux can be used to disable whole features such as userdirs, CGI execution, and SSI.

Add the fact that the room was horrible, and some idiots were chatting away so I had to strain to hear the speaker, and it was a sadly unproductive talk.  I fear selinux will continue to be seen as the enemy for the forseeable future.

Posted on February 8, 2009, in apache, FOSDEM, linux. Bookmark the permalink. 1 Comment.

  1. I typically just disable it. It’s always been a hassle.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: