[Cialug] SELinux

Todd Walton tdwalton at gmail.com
Tue Aug 27 18:49:24 UTC 2019


On Tue, Aug 27, 2019 at 10:56 AM Dave Hala <dave at 58ghz.net> wrote:

> That's the rub with most of the documentation. Especially stuff like
> SeLinux. It's written referencing all this underlying stuff that only
> someone who works writing code in the user/kernel space understands.
>

My problem with SELinux is that the packages on my system install *59*
different commands. 35 of them start with 'se', where 'se' stands for
selinux, 4 of which start with se where it does *not* stand for selinux
(such as "setfiles"), and 19 others that start with "check", "get",
"match", "audit", "fix", "find", and other things. Why is it necessary to
have 59 different commands to manage an SELinux system? And how am I
supposed to discover which command I need? If I did "se<tab><tab>" and
found "setfiles", I wouldn't guess that that's an SELinux command. And
there are over a 1000 man pages! Granted, many of those are probably for
xyzproduct-sepolicy-files, and not central to managing SELinux, but even if
the true number is 500 or even 200... wow!

That's my problem, personally. I wanna be able to use apropos and
bash-completion to figure stuff out on the fly. I can't realistically do
that with SELinux.

--
Todd


More information about the Cialug mailing list