[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Request to re-add option to disable SELinux



On Wed, 2008-07-02 at 16:39 -0400, Jon Masters wrote:
> On Wed, 2008-07-02 at 16:29 -0400, Matthias Clasen wrote:
> > On Wed, 2008-07-02 at 16:10 -0400, Jon Masters wrote:
> > 
> > > 
> > > *). Tools like nautilus do not support labeling of files via the
> > > right-click properties dialog (gnome VFS, etc.) so there is no easy way
> > > for an end user who even understands part of this to fix context. This
> > > is the number one reason why SELinux should not be enabled by default,
> > > except on systems where there is an admin who can use chcon.
> > 
> > I don't disagree with the general sentiment that selinux is not a very
> > good fit for desktop users as it is today. But nautilus _does_ support
> > labeling of files via the right-click properties dialog.
> 
> It displays the current context. I'm guessing if you're root at the time
> then it probably allows you to change it, but that's not useful until
> there's e.g. a PolicyKit hook that allows regular users to relabel.

Well, that's just incredibly helpful when combined with the whole "you
should never, under any circumstances, run X windows as root" thread of
a few days ago ;-)

-- 
Doug Ledford <dledford redhat com>
              GPG KeyID: CFBFF194
              http://people.redhat.com/dledford

Infiniband specific RPMs available at
              http://people.redhat.com/dledford/Infiniband

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]