Re: SELinux removed from desktop cd spin?

On Jan 16, 2008 10:27 PM, Eric Paris <eparis redhat com> wrote:
> On Thu, 2008-01-17 at 07:13 +1000, Dave Airlie wrote:
> > On Wed, 2008-01-16 at 16:00 -0500, Alan Cox wrote:
> > > On Wed, Jan 16, 2008 at 08:57:56PM +0100, Valent Turkovic wrote:
> > > > I believe that SELinux is a great linux server security hardening tool
> > > > but that has little use in desktop linux usage and it confuses
> > > > ordinary desktop users.
> > >
> > > Desktop users are the people it is most important for.  If it is still confusing
> > > people we need to fix the confusions. Perhaps you can explain more ?
> > >
> > >
> >
> > We made one big mistake with SELinux, selinuxalert or whatever it is
> > called... we haven't learned from the MAC vs Windows ads... we now have
> > an app that puts us squarely into the Windows lack of usefulness camp.
> >
> > "hey user this app is doing something bad. do you want to let it do
> > it?"_t.
> >
> > Dave.
> A difference though is that while we do pop up that little window which
> exposes the inherent complexities of the underlying operating system we
> attempt to explain in human readable format what is going on (sometimes
> we fail, just read this thread).  I must admit some of it must seem very
> cryptic, but that cryptic information is what the selinux developers
> need to actually assess and fix the issue.  We could hide it on the main
> screen, but then every BZ that got filed would have a first response of
> "please include the useful information hidden behind the 'developer
> information' button".

And that is exactly why this feels like a testing ground for RHEL and
not an option that actually benefits users because you admit that it
is not ready for "joe user".

> But more importantly we are working towards having that application
> never show up unless it is a well known tunable the user may want to
> flip or there is something going severely wrong.  Installing a new
> program selinux has never heard of should not cause selinux problems
> (ok, if the app does something terrible with memory maybe.)  We only pop
> up that dialog for applications we 'think' we already know everything it
> needs to do.  I wish it popped up less but we get closer and closer to
> the goal every day.

I really love SELinux and it is a great tool, and it helps a lot of
admins who use it, but because it is still too rough for the general
public it should not be forced onto them.

What is your target audience with SELinux?

I'm here only talking about removing it on the Gnome Live Fedora CD - the focus
of that "spin" is desktop users AFAIK. Leave it on the DVD version, whose
target audience is much wider.


