Re: SElinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Rahul Sundaram wrote:

On Sun, 2006-04-02 at 13:20 -0500, Les Mikesell wrote:

On Sun, 2006-04-02 at 10:04, Craig White wrote:


As for SELinux making a system 'unstable' - I can't envision a scenario
that SELinux would do that. 
Frequency of updates is a good metric for stability.  How many
SELinux updates have been issued since it was experimentally
included in fedora?


FC2 had strict policy disabled by default. FC3 targeted policy had a
dozen or so daemons. FC4 had 91. FC5 has a whole new reference policy
and other changes and there has been a steady inflow of policy updates
in every release. 
http://fedoraproject.org/wiki/SELinux/FC5Features

Rahul
I noticed the idea of getting a GUI tool for SELinux was hinted strongly on the page.
Comments regarding the thread. I don't think that making SELinux difficult is the goal of any program. Having a GUI management tool to utilize semanage would be an ideal tool and would lessen the tendency for a slew of users as well as developers from disabling SELinux.
Regarding the need for every computer user to dedicate a lot of time to learning low level aspects of SELinux should not be needed. Using a high-level approach to manage SELinux is a better approach to take to make its usage widely accepted.
Regarding needing to be a very knowledgeable user regarding admin issues is not really why one wants computers for. As noted by earlier postings, businesses want to be able to keep their systems up where they can deal wth business tasks. They need a secure system, just not a system where the management is cryptic.
Admin issues in general, keep it easy to manage. I even use system-config-boot. Having a system-config-SEmanager would greatly simplify managing one's computer, especially with the reality that there are many external repositories to choose from and putting the burden on a developer to need to tailor policy or inform the user that it is not a core program so policy additions would not be added to the policy. Yumex comes to mind. 

Thanks!
Jim

--
50% of the manual is in .pdf readme files
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux