Bruno Wolff III wrote:
On Tue, Apr 04, 2006 at 15:57:30 -0500,
Robert Nichols <rnicholsNOSPAM@xxxxxxxxxxx> wrote:
Of course, anyone who wishes to continue being a beta tester for a
highly complex security package suitable mainly for servers or
dedicated machines performing a narrow set of well-defined functions
is welcome to do so.
SELinux has value on Desktops, at least to some people. I would really like to
be able to run programs that don't have the same access to resources (in
particular network connections) that I do. I know longer trust software
venders not to bad stuff in their software, at least for things targetted
at consumers. Things are likely to get worse in this regard in the near
future.
Actually, I agree with you completely. I've just found SELinux too
painful to use. I fought with it a long time in FC-3, almost had it
working, but never managed to get permissive mode to stay quiet long
enough to let me go to enforcing mode. I looked at SELinux in FC-4
to see what might have changed, but I never really did much with FC-4.
Now I see that in FC-5 so much has changed that absolutely nothing
that I learned how to do in FC-3 applies any more. I'd be starting
from scratch again. Sorry, BTDT. Sure, there are programs I'd like
to confine, but SELinux just isn't a feasable way to do that unless
you have an SELinux guru on call to set up and maintain your system.
--
Bob Nichols Yes, "NOSPAM" is really part of my email address.