[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: A Modest Suggestion to make SElinux usable.
- From: drago01 <drago01 gmail com>
- To: For testers of Fedora Core development releases <fedora-test-list redhat com>
- Subject: Re: A Modest Suggestion to make SElinux usable.
- Date: Mon, 1 Jun 2009 16:40:36 +0200
On Mon, Jun 1, 2009 at 4:25 PM, Kevin Kofler <kevin kofler chello at> wrote:
> max wrote:
>> SELinux needs a lot of things but an allow button is not one of them. A
>> better idea would be to use the recently created sandbox feature instead,
>> offering to run the application in a generic sandbox, this way it may run
>> without incident but you can be reasonably sure it isn't grossly violating
>> policy.
>>
>> Of course the sandbox doesn't support X apps yet so it may or may not work
>> but its better than just allowing according to setroubleshoot. Really RPM
>> (package kit or whatever) should sandbox all applications upon
>> installation that do not have policy in place or at least offer the option
>> but undoubtedly people would complain about that feature.
>
> SELinux is already too restrictive
No, its not ... it does not get in my way even thought I have stuff
like confined nsplugin enabled (which are off by default).
You have to provide specific cases so that they can be fixed.
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]