[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux blocking Gizmo on FC5



Michael Wiktowy wrote:
I just fixed my problem with
chcon -t texrel_shlib_t /usr/lib/libsipphoneapi.so.0.78.20060211
I am not exactly sure what that does though.
Craig,

I wonder how many people do these statements without understanding the implications? How secure would that be? On this line, what we actually need is some kind of easifier / dumbifier, if you get my meaning. So it is obvious what the implications are.

Think of implementing an application: no user fully understands the implications of that application, even less are they able to check these implications: they trust the builders. Obviously, this is inherently insecure. (example? One of the anti-virus vendors had parts of a rootkit implemented, creating a possible security hole. The software was generally trusted by users to be secure).

Now, back to SELInux, I suspect that in general non-admin user can not fully understand what he/she is doing when doing a chcon or changing a policy. So, what we need is some sort of high translation of the implications, so that even non-programmer, non-admin users can understand what they are doing on a bit of a higher level than what is currently possible.

Would it be possible to have a non-technical layer around SELInux so that users can have a more high level view of their security than admins have? [Regretfully, many users are admin by default, but not by choice, i.e. home users. They need the high level view...]. Meaning, a user can change the system (high-level) and still know what he/she is doing (high-level).

Guus.

--
A.J. Bonnema, Leiden The Netherlands,
user #328198 (Linux Counter http://counter.li.org)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]