A great article on why to use SeLinux
Bruno Wolff III
bruno at wolff.to
Sat Mar 1 14:44:41 UTC 2008
On Fri, Feb 29, 2008 at 21:49:18 -0800,
Konstantin Svist <fry.kun at gmail.com> wrote:
>
> But then what am I, as the end-user, supposed to do? Supposedly, if the
> app isn't fixed right away, I should allow the activity by creating a
> rule -- but there doesn't seem to be an easy way of doing that.
> In essence, as the article says, selinux is well-suited for servers, not
> for desktops. Though I doubt how well it's suited for servers, since you
> still need to be able to do some voodoo ritual to get the server stuff
> working. If it's not common knowledge or completely automated, it's
> pretty much useless.
Yes there are tools to allow new rules to be added. There is at least
a command line tool to do this; I am not sure about a GUI tool.
It is suited for desktops as well. It has been getting some nice features
in that regard lately. Go take a look at Dan Walsh's live journal page
if you are interested in reading about these.
More information about the fedora-list
mailing list