• 1

The most common advice that I read concerning SELinux is “disable it”. I've never taken that advice, but I perfectly understand it.

When I first tried to deal with an SELinux issue, I went looking for documentation. What I found, exclusively, was stuff that made little sense unless one were already familiar with the topic — peculiar undefined terms, forward references, great lacunæ.

It was the sort of stuff that people write if they're well-versed in a subject yet inexcusably clueless about communication. So long as it is reviewed only by similar creatures, nodding and saying Yes, that's right!, it's basic flaw is never recognized by those generating it.

Someone with a very strong commitment would probably eventually squeeze some understanding out of it, especially with a bit of experimentation, but most people will just push it aside and not return to it.

In the face of this situation, naturally people say turn that sh*t off. It might be a bit surprising that RSA is amongst them, but that should simply tell you how awful the developers have left it to work with SELinux, with such rotten discussion.

At this stage, addressing the problem isn't just a matter of someone writing a better discussion (which may have happened by now); it's a matter of reversing the effects of not offering it earlier, by acknowledging the gravity of the problem, and giving that better discussion away in some very, very public manner.

  • 1

Log in