A great article on why to use SeLinux
max
maximilianbianco at gmail.com
Mon Mar 3 01:14:46 UTC 2008
Konstantin Svist wrote:
> Bruno Wolff III wrote:
>> On Fri, Feb 29, 2008 at 21:49:18 -0800,
>> Konstantin Svist <fry.kun at gmail.com> wrote:
>>
>>> But then what am I, as the end-user, supposed to do? Supposedly, if
>>> the app isn't fixed right away, I should allow the activity by
>>> creating a rule -- but there doesn't seem to be an easy way of doing
>>> that.
>>> In essence, as the article says, selinux is well-suited for servers,
>>> not for desktops. Though I doubt how well it's suited for servers,
>>> since you still need to be able to do some voodoo ritual to get the
>>> server stuff working. If it's not common knowledge or completely
>>> automated, it's pretty much useless.
>>>
>>
>> Yes there are tools to allow new rules to be added. There is at least
>> a command line tool to do this; I am not sure about a GUI tool.
>>
>> It is suited for desktops as well. It has been getting some nice features
>> in that regard lately. Go take a look at Dan Walsh's live journal page
>> if you are interested in reading about these.
>>
>
>
> Yeah, but if I don't understand how any of it works, it's just as useful
> to me as the car keys are to a monkey.
> I've tried reading SELinux for Dummies
> (http://fedoraproject.org/wiki/SELinux/Understanding) but I still don't
> really get it. The worst part is, I had to concentrate to understand
> what the page is telling me - and I'm a CS major :P
> The average Joe won't even go this far - in other words, he won't
> understand how to work with it - meaning it's NOT suited for desktops.
>
>
The average Joe wouldn't even notice that its running.
Max
More information about the fedora-list
mailing list