Dan Stromberg <drsali...@gmail.com>:

> Also, don't be overly hard on SELinux. It's a relatively young
> technology and may still adapt to such needs better in the future.

SELinux suffers from big problems, the biggest being its lack of a proper methodology. There is no cookbook for developers for making their products SELinux-aware. RedHat has made a huge effort in creating a comprehensive SELinux policy covering every product they bundle in their distro, but they can't take into account third-party developers. System administrators are given a very unscientific tool (audit2allow) for dealing with SELinux roadblocks.

I'm much more hopeful with regard to virtual machines, containers and namespaces. They are easier to understand and easier to get right.

Marko