On Sat, 2006-04-08 at 10:55 -0500, Robert Nichols wrote: > Bruno Wolff III wrote: > > On Tue, Apr 04, 2006 at 15:57:30 -0500, > > Robert Nichols <rnicholsNOSPAM@xxxxxxxxxxx> wrote: > > > >>Of course, anyone who wishes to continue being a beta tester for a > >>highly complex security package suitable mainly for servers or > >>dedicated machines performing a narrow set of well-defined functions > >>is welcome to do so. > > > > > > SELinux has value on Desktops, at least to some people. I would really like to > > be able to run programs that don't have the same access to resources (in > > particular network connections) that I do. I know longer trust software > > venders not to bad stuff in their software, at least for things targetted > > at consumers. Things are likely to get worse in this regard in the near > > future. > > Actually, I agree with you completely. I've just found SELinux too > painful to use. I fought with it a long time in FC-3, almost had it > working, but never managed to get permissive mode to stay quiet long > enough to let me go to enforcing mode. I looked at SELinux in FC-4 > to see what might have changed, but I never really did much with FC-4. > Now I see that in FC-5 so much has changed that absolutely nothing > that I learned how to do in FC-3 applies any more. I'd be starting > from scratch again. Sorry, BTDT. Sure, there are programs I'd like > to confine, but SELinux just isn't a feasable way to do that unless > you have an SELinux guru on call to set up and maintain your system. It's actually easier to fix things in FC5: http://fedoraproject.org/wiki/SELinux/LoadableModules/Audit2allow There's also a decent reference guide that's FC5-specific: http://fedora.redhat.com/docs/selinux-faq-fc5/ And there's lots of SELinux-related stuff on the fedora wiki: http://fedoraproject.org/wiki/Bugs/FC5Common?action=fullsearch&value=selinux&titlesearch=Titles Paul.
