SELinux removed from desktop cd spin?

Eric Paris eparis at redhat.com
Wed Jan 16 21:27:30 UTC 2008


On Thu, 2008-01-17 at 07:13 +1000, Dave Airlie wrote:
> On Wed, 2008-01-16 at 16:00 -0500, Alan Cox wrote:
> > On Wed, Jan 16, 2008 at 08:57:56PM +0100, Valent Turkovic wrote:
> > > I believe that SELinux is a great linux server security hardening tool
> > > but that has little use in desktop linux usage and it confuses
> > > ordinary desktop users.
> > 
> > Desktop users are the people it is most important for.  If it is still confusing
> > people we need to fix the confusions. Perhaps you can explain more ?
> > 
> > 
> 
> We made one big mistake with SELinux, selinuxalert or whatever it is
> called... we haven't learned from the Mac vs Windows ads... we now have
> an app that puts us squarely into the Windows lack of usefulness camp.
> 
> "hey user this app is doing something bad. do you want to let it do
> it?"_t.
> 
> Dave.

A difference though is that while we do pop up that little window which
exposes the inherent complexities of the underlying operating system we
attempt to explain in human readable format what is going on (sometimes
we fail, just read this thread).  I must admit some of it must seem very
cryptic, but that cryptic information is what the selinux developers
need to actually assess and fix the issue.  We could hide it on the main
screen, but then every BZ that got filed would have a first response of
'please include the useful information hidden behind the "developer
information" button'.

But more importantly we are working towards having that application
never show up unless it is a well known tunable the user may want to
flip or there is something going severely wrong.  Installing a new
program selinux has never heard of should not cause selinux problems
(ok, if the app does something terrible with memory maybe.)  We only pop
up that dialog for applications we 'think' we already know everything it
needs to do.  I wish it popped up less but we get closer and closer to
the goal every day.

Thanks Dan.

-Eric



