A great article on why to use SeLinux
Konstantin Svist
fry.kun at gmail.com
Sat Mar 1 19:43:56 UTC 2008
Bruno Wolff III wrote:
> On Fri, Feb 29, 2008 at 21:49:18 -0800,
> Konstantin Svist <fry.kun at gmail.com> wrote:
>
>> But then what am I, as the end-user, supposed to do? Supposedly, if the
>> app isn't fixed right away, I should allow the activity by creating a
>> rule -- but there doesn't seem to be an easy way of doing that.
>> In essence, as the article says, selinux is well-suited for servers, not
>> for desktops. Though I doubt how well it's suited for servers, since you
>> still need to be able to do some voodoo ritual to get the server stuff
>> working. If it's not common knowledge or completely automated, it's
>> pretty much useless.
>>
>
> Yes there are tools to allow new rules to be added. There is at least
> a command line tool to do this; I am not sure about a GUI tool.
>
> It is suited for desktops as well. It has been getting some nice features
> in that regard lately. Go take a look at Dan Walsh's live journal page
> if you are interested in reading about these.
>
Yeah, but if I don't understand how any of it works, it's just as useful
to me as the car keys are to a monkey.
I've tried reading SELinux for Dummies
(http://fedoraproject.org/wiki/SELinux/Understanding) but I still don't
really get it. The worst part is, I had to concentrate to understand
what the page is telling me - and I'm a CS major :P
The average Joe won't even go this far - in other words, he won't
understand how to work with it - meaning it's NOT suited for desktops.
More information about the fedora-list
mailing list