On Fri, 22 Jan 2010 07:22 -0600, "Marco Peereboom" <sl...@peereboom.us> wrote: > It doesn't and I'll argue all day that it won't help you a bit. > > Here is an example: > 1. running system with OMGACL > 2. pkg_add -ui > 3. couple of days later at 3am bzzzzz got come to the datacenter because > the app bombed > 4. oh, the acl terminated it; adjust > 5. repeat 3 - 4 until it "works" > 6. repeat 2 - 5 in perpetuity > > - or - > > 1. Disable ACL.
[snip] I saw a group of sys admins go through those very steps several years ago while attempting to deploy SELinux. After 3 months of trying to make it work, they disabled it. It could have been done, but they would have had to triple the support staff to make it work.
