Craig wrote:
The current SELinux targeted policy is aimed at the server environment, or machines that have network connected daemons. In the future we want to bring more of this technology to the Desktop platform. The question we have is how do we do this without being so disruptive that people just turn it off. So for now SELinux is in it's infancy, we are hoping that the open source movement embraces this technology and we figure new an innovative ways to use it in many different environments. People are already looking at everything for targeted to strict policy. MLS systems are being developed in it. Investigations are ongoing on advancements in X-Windows and SELinux.William Hooper wrote:
I completely agree. Remember that the default policy is "Targeted", which means that it targets controls/apps that allow your pc to share internal info with the outside world. This kind of added protection is always a good thing. It is important to remember that Red Hat made the decision long ago to distribute SE Linux, not Linux. Even if they were to foray into desktop sales again, they would do so with SE Linux, not Linux. It is the future be it server or desktop.Michael A. Peters said: [snip]
But there are still imho too many cases where it gets in the way of
what the desktop user wants to do for me personally to recommend it to
desktop users. You can see this in posts on the test list. Some of that
may be user error, but it still gets in the way sometimes. Maybe by FC4.
Most of the posts to the test list about SELinux lately have been about
httpd issues (serving from users home directories, cgi scripts, etc.). I
would argue that the average "desktop" system wouldn't have those issues.
SELinux makes just as much sense on the desktop, because it is another layer of permissions to keep you from making a mistake that will break things.
Craig
So I would hope that people will work with it and not just turn it off as soon as they have a problem
with the system.
