Re: SElinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2006-04-08 at 17:08 +0100, Paul Howarth wrote:
> On Sat, 2006-04-08 at 10:55 -0500, Robert Nichols wrote:
> > Bruno Wolff III wrote:
> > > On Tue, Apr 04, 2006 at 15:57:30 -0500,
> > >   Robert Nichols <rnicholsNOSPAM@xxxxxxxxxxx> wrote:
> > > 
> > >>Of course, anyone who wishes to continue being a beta tester for a
> > >>highly complex security package suitable mainly for servers or
> > >>dedicated machines performing a narrow set of well-defined functions
> > >>is welcome to do so.
> > > 
> > > 
> > > SELinux has value on Desktops, at least to some people. I would really like to
> > > be able to run programs that don't have the same access to resources (in
> > > particular network connections) that I do. I know longer trust software
> > > venders not to bad stuff in their software, at least for things targetted
> > > at consumers. Things are likely to get worse in this regard in the near
> > > future.
> > 
> > Actually, I agree with you completely.  I've just found SELinux too
> > painful to use.  I fought with it a long time in FC-3, almost had it
> > working, but never managed to get permissive mode to stay quiet long
> > enough to let me go to enforcing mode.  I looked at SELinux in FC-4
> > to see what might have changed, but I never really did much with FC-4.
> > Now I see that in FC-5 so much has changed that absolutely nothing
> > that I learned how to do in FC-3 applies any more.  I'd be starting
> > from scratch again.  Sorry, BTDT.  Sure, there are programs I'd like
> > to confine, but SELinux just isn't a feasable way to do that unless
> > you have an SELinux guru on call to set up and maintain your system.
> 
> It's actually easier to fix things in FC5:
> http://fedoraproject.org/wiki/SELinux/LoadableModules/Audit2allow
> 
> There's also a decent reference guide that's FC5-specific:
> http://fedora.redhat.com/docs/selinux-faq-fc5/
> 
> And there's lots of SELinux-related stuff on the fedora wiki:
> http://fedoraproject.org/wiki/Bugs/FC5Common?action=fullsearch&value=selinux&titlesearch=Titles
> 
----
and of course...Paul

;-)

there is a fedora-selinux list as well.

It's all workable if you want to use it.

Craig


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux