A great article on why to use SELinux

Mark LaPierre marklapier at aol.com
Mon Mar 3 02:11:55 UTC 2008


max wrote:
> Konstantin Svist wrote:
>> Bruno Wolff III wrote:
>>> On Fri, Feb 29, 2008 at 21:49:18 -0800,
>>>   Konstantin Svist <fry.kun at gmail.com> wrote:
>>>  
>>>> But then what am I, as the end-user, supposed to do? Supposedly, if 
>>>> the app isn't fixed right away, I should allow the activity by 
>>>> creating a rule -- but there doesn't seem to be an easy way of 
>>>> doing that.
>>>> In essence, as the article says, selinux is well-suited for 
>>>> servers, not for desktops. Though I doubt how well it's suited for 
>>>> servers, since you still need to be able to do some voodoo ritual 
>>>> to get the server stuff working. If it's not common knowledge or 
>>>> completely automated, it's pretty much useless.
>>>>     
>>>
>>> Yes, there are tools to allow new rules to be added. There is at least
>>> a command line tool to do this; I am not sure about a GUI tool.
>>>
>>> It is suited for desktops as well. It has been getting some nice features
>>> in that regard lately. Go take a look at Dan Walsh's live journal page
>>> if you are interested in reading about these.
>>>   
>>
>>
>> Yeah, but if I don't understand how any of it works, it's just as 
>> useful to me as the car keys are to a monkey.
>> I've tried reading SELinux for Dummies 
>> (http://fedoraproject.org/wiki/SELinux/Understanding) but I still 
>> don't really get it. The worst part is, I had to concentrate to 
>> understand what the page is telling me - and I'm a CS major :P
>> The average Joe won't even go this far - in other words, he won't 
>> understand how to work with it - meaning it's NOT suited for desktops.
>>
>>
> The average Joe wouldn't even notice that it's running.
>
> Max
>
Not until it put the hose to her.
