SElinux

Robert Nichols rnicholsNOSPAM at comcast.net
Sat Apr 8 15:55:37 UTC 2006


Bruno Wolff III wrote:
> On Tue, Apr 04, 2006 at 15:57:30 -0500,
>   Robert Nichols <rnicholsNOSPAM at comcast.net> wrote:
> 
>>Of course, anyone who wishes to continue being a beta tester for a
>>highly complex security package suitable mainly for servers or
>>dedicated machines performing a narrow set of well-defined functions
>>is welcome to do so.
> 
> 
> SELinux has value on Desktops, at least to some people. I would really like to
> be able to run programs that don't have the same access to resources (in
> particular network connections) that I do. I no longer trust software
> vendors not to do bad stuff in their software, at least for things targeted
> at consumers. Things are likely to get worse in this regard in the near
> future.

Actually, I agree with you completely.  I've just found SELinux too
painful to use.  I fought with it a long time in FC-3, almost had it
working, but never managed to get permissive mode to stay quiet long
enough to let me go to enforcing mode.  I looked at SELinux in FC-4
to see what might have changed, but I never really did much with FC-4.
Now I see that in FC-5 so much has changed that absolutely nothing
that I learned how to do in FC-3 applies any more.  I'd be starting
from scratch again.  Sorry, BTDT.  Sure, there are programs I'd like
to confine, but SELinux just isn't a feasible way to do that unless
you have an SELinux guru on call to set up and maintain your system.

-- 
Bob Nichols         Yes, "NOSPAM" is really part of my email address.



