Alan M. Evans wrote: > On Mon, 2007-09-24 at 15:58 -0500, Mike McCarty wrote: > >> Because SELinux is not a "thing", it is a way of writing apps. > > No, no no! How many times does this have to be explained? > > Applications don't need to know anything about SELinux in order to be > under its purview. Only applications that need to interact with SELinux > in some way need to know about it. I can easily write a program that > tries to open a forbidden resource and SELinux can most easily prevent > it despite that my application only #includes stdio.h and knows nothing > of the hidden hand that blocks it. > Well, in one way it is a way of writing apps - you have to write apps that are well behaved if they are going to run with SELinux. Then again, you should be writing apps that way anyway. You could say that SELinux forces you to write better code. ;-) Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!
Description: OpenPGP digital signature