A Modest Suggestion to make SElinux usable.

drago01 drago01 at gmail.com
Mon Jun 1 14:40:36 UTC 2009


On Mon, Jun 1, 2009 at 4:25 PM, Kevin Kofler <kevin.kofler at chello.at> wrote:
> max wrote:
>> SELinux needs a lot of things but an allow button is not one of them. A
>> better idea would be to use the recently created sandbox feature instead,
>> offering to run the application in a generic sandbox, this way it may run
>> without incident but you can be reasonably sure it isn't grossly violating
>> policy.
>>
>> Of course the sandbox doesn't support X apps yet so it may or may not work
>> but it's better than just allowing according to setroubleshoot. Really RPM
>> (package kit or whatever) should sandbox all applications upon
>> installation that do not have policy in place or at least offer the option
>> but undoubtedly people would complain about that feature.
>
> SELinux is already too restrictive

No, it's not ... it does not get in my way even though I have stuff
like confined nsplugin enabled (which are off by default).

You have to provide specific cases so that they can be fixed.




More information about the fedora-test-list mailing list