Re: SELinux should be off by default in FC3

On Thu, 2004-10-07 at 08:41 -0700, Nathan Grennan wrote:

> I think this is asking too much, especially when the complexity level is
> such that users won't generally be manually setting security context,
> but letting the system figure out the correct context for them via
> restorecon. That says to me it is more of an automation problem than it
> is an education problem.

No.  As I said in my other mail, particularly in the Apache case, either
the user needs to be aware of them, or you need much higher-level
domain-specific tools built that handle it automatically.

The Apache policy is somewhat special in that it defines new types that
users are allowed to change to and from; typically, users are not
allowed to relabel files.  Generally SELinux is otherwise transparent -
when you create a file in your home directory it automatically gets the
type user_home_t.  

However, as we move towards finer-grained controls on user applications
like Mozilla, users will have to become more generally aware of security
contexts and how to change them.

