A great article on why to use SeLinux

max bianco maximilianbianco at gmail.com
Mon Mar 3 15:23:32 UTC 2008 

On Sun, Mar 2, 2008 at 9:11 PM, Mark LaPierre <marklapier at aol.com> wrote:

> max wrote:
> > Konstantin Svist wrote:
> >> Bruno Wolff III wrote:
> >>> On Fri, Feb 29, 2008 at 21:49:18 -0800,
> >>>   Konstantin Svist <fry.kun at gmail.com> wrote:
> >>>
> >>>> But then what am I, as the end-user, supposed to do? Supposedly, if
> >>>> the app isn't fixed right away, I should allow the activity by
> >>>> creating a rule -- but there doesn't seem to be an easy way of
> >>>> doing that.
> >>>> In essence, as the article says, selinux is well-suited for
> >>>> servers, not for desktops. Though I doubt how well it's suited for
> >>>> servers, since you still need to be able to do some voodoo ritual
> >>>> to get the server stuff working. If it's not common knowledge or
> >>>> completely automated, it's pretty much useless.
> >>>>
> >>>
> >>> Yes there are tools to allow new rules to be added. There is at least
> >>> a command line tool to do this; I am not sure about a GUI tool.
> >>>
> >>> It is suited for desktops as well. It has been getting some nice
> >>> features
> >>> in that regard lately. Go take a look at Dan Walsh's live journal page
> >>> if you are interested in reading about these.
> >>>
> >>
> >>
> >> Yeah, but if I don't understand how any of it works, it's just as
> >> useful to me as the car keys are to a monkey.
> >> I've tried reading SELinux for Dummies
> >> (http://fedoraproject.org/wiki/SELinux/Understanding) but I still
> >> don't really get it. The worst part is, I had to concentrate to
> >> understand what the page is telling me - and I'm a CS major :P
> >> The average Joe won't even go this far - in other words, he won't
> >> understand how to work with it - meaning it's NOT suited for desktops.
> >>
> >>
> > The average Joe wouldn't even notice that its running.
> >
> > Max
> >
> Not until it put the hose to her.
>

But what exactly is the average user doing in your estimation?  The
majority of  users are not IT people. Most users don't even know how to
share files. The majority of users are using the internet, Open Office,
doing pictures, ripping cds, etc....I have setup Fedora 8 for several people
who couldn't even tell you what an operating system is and they represent
the average much better than you or I, they haven't had any issues using the
system with SELinux turned on. Now if your running a web server or like me
you like to tweak and tinker then your gonna have issues. Need a custom
setup? If your smart enough to customize things yourself then SELinux is
doable or should be. The average user is not customizing things themselves,
they pay someone to do it or they get the family geek to do it for them.
Survey the average person and your going to find that they can't even tell
you what RAM stands for never mind what its used for.


Max
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20080303/255ddeae/attachment-0001.htm>

More information about the fedora-list mailing list