[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: SELinux removed from desktop cd spin?
- From: Stephen Smalley <sds tycho nsa gov>
- To: "Daniel P. Berrange" <berrange redhat com>, Development discussions related to Fedora <fedora-devel-list redhat com>
- Cc:
- Subject: Re: SELinux removed from desktop cd spin?
- Date: Wed, 16 Jan 2008 15:20:48 -0500
On Wed, 2008-01-16 at 20:03 +0000, Daniel P. Berrange wrote:
> On Wed, Jan 16, 2008 at 08:57:56PM +0100, Valent Turkovic wrote:
> > Hi,
> > I believe that SELinux is a great linux server security hardening tool
> > but that has little use in desktop linux usage and it confuses
> > ordinary desktop users.
>
> It is of great use in a desktop spin. On my 'desktop' install for my
> laptop I have many many system daemons running under a confined domain
Also, note that XACE/XSELinux has been merged to the trunk of xorg, so
the ability of SELinux to confine desktop applications in interesting
ways is only going to increase over time...
>
> auditd
> console-kit-daemon
> crond
> cupsd
> dbus-daemon
> hald
> init
> libvirtd
> NetworkManager
> rklogd
> rpcbind
> rpc.statd
> rsyslogd
> /sbin/dhclient
> /sbin/mingetty
> /sbin/udevd
> /usr/bin/nm-vpnc-service
> /usr/sbin/acpid
> /usr/sbin/dnsmasq
> /usr/sbin/gdm-binary
> /usr/sbin/hcid
> /usr/sbin/smartd
> /usr/sbin/sshd
> /usr/sbin/wpa_supplicant
>
>
> > If it hasn't been discussed before I would like to propose that on
> > desktop cd spin SELinux is not installed by default, of course after
> > discussion and approval from you (fedora devels).
>
> No. SELinux provides very real & important protection for desktop users.
>
> Dan.
> --
> |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
> |=- Perl modules: http://search.cpan.org/~danberr/ -=|
> |=- Projects: http://freshmeat.net/~danielpb/ -=|
> |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
>
--
Stephen Smalley
National Security Agency
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]