An interesting topic ... heading out to cast vote now.

In our environment, about 6 years ago we informally identified the gap 
(grey area, war, however it is described) between server / network 
managers and developers / Librarians as an obstacle to our end goals and 
have put considerable effort into closing it.  The key efforts have been 
communication (more planning, meetings, informal sessions), 
collaboration (no-one is working in a vacuum), and the willingness to 
expand/stretch job descriptions (programmers sometimes participate in 
hardware / OS work and sysadmins will attend interface / application 
planning meetings).  Supportive management helps.

The end result is that sysadmins try as hard as possible to fully 
understand what an application is doing/requires on "their" 
hardware/networks, and programmers almost never run any applications 
that sysadmins don't know about.

So, SELinux has never been a problem because we know what a server needs 
to do before it ends up in a developer's hands and developers know not 
to pound their heads against the desk for a day before talking to 
sysadmins about something that doesn't work.  Well, for the most part, 
anyway ;-)


Ross Singer wrote:
> On Tue, Nov 24, 2009 at 11:18 AM, Graham Stewart wrote:
>> We run many Library / web / database applications on RedHat servers with
>> SELinux enabled.  Sometimes it takes a bit of investigation and horsing
>> around but I haven't yet found a situation where it had to be disabled.
>>  setsebool and chcon can solve most problems and SELinux is an excellent
>> enhancement to standard filesystem and ACL security.
> Agreed that SELinux is useful but it is a tee-otal pain in the keister
> if you're ignorantly working against it because you didn't actually
> know it was there.
> It's sort of the perfect embodiment of the disconnect between the
> developer and the sysadmin.  And, if this sort of tension interests
> you, vote for Bess Sadler's presentation at Code4lib 2010: "Vampires
> vs. Werewolves: Ending the War Between Developers and Sysadmins with
> Puppet" and anything else that interests you.
> -Ross "Bringin' it on home" Singer.

Graham Stewart
Network and Storage Services Manager, Information Technology Services
University of Toronto Library
130 St. George Street
Toronto, Ontario
Canada   M5S 1A5
Phone: 416-978-6337 | Mobile: 416-550-2806 | Fax: 416-978-1668