SElinux

Jim Cornette fc-cornette at insight.rr.com
Mon Apr 3 02:59:19 UTC 2006


Rahul Sundaram wrote:
> On Sun, 2006-04-02 at 13:20 -0500, Les Mikesell wrote:
>> On Sun, 2006-04-02 at 10:04, Craig White wrote:
>>
>>> As for SELinux making a system 'unstable' - I can't envision a scenario
>>> that SELinux would do that. 
>> Frequency of updates is a good metric for stability.  How many
>> SELinux updates have been issued since it was experimentally
>> included in fedora?
> 
> FC2 had strict policy disabled by default. FC3 targeted policy had a
> dozen or so daemons. FC4 had 91. FC5 has a whole new reference policy
> and other changes and there has been a steady inflow of policy updates
> in every release. 
> 
> http://fedoraproject.org/wiki/SELinux/FC5Features
> 
> Rahul
> 


I noticed the idea of getting a GUI tool for SELinux was hinted strongly 
on the page.

Comments regarding the thread. I don't think that making SELinux 
difficult is the goal of any program. Having a GUI management tool to 
utilize semanage would be an ideal tool and would lessen the tendency 
for a slew of users as well as developers from disabling SELinux.

Regarding the need for every computer user to dedicate a lot of time to 
learning low level aspects of SELinux should not be needed. Using a 
high-level approach to manage SELinux is a better approach to take to 
make its usage widely accepted.

Regarding needing to be a very knowledgeable user regarding admin issues 
is not really why one wants computers for. As noted by earlier postings, 
businesses want to be able to keep their systems up where they can deal 
with business tasks. They need a secure system, just not a system where 
the management is cryptic.

Admin issues in general, keep it easy to manage. I even use 
system-config-boot. Having a system-config-SEmanager would greatly 
simplify managing one's computer, especially with the reality that there 
are many external repositories to choose from and putting the burden on 
a developer to need to tailor policy or inform the user that it is not a 
core program so policy additions would not be added to the policy. Yumex 
comes to mind.

Thanks!
Jim

-- 
50% of the manual is in .pdf readme files



