On Sat, 2006-04-08 at 17:08 +0100, Paul Howarth wrote: > On Sat, 2006-04-08 at 10:55 -0500, Robert Nichols wrote: > > Bruno Wolff III wrote: > > > On Tue, Apr 04, 2006 at 15:57:30 -0500, > > > Robert Nichols <rnicholsNOSPAM@xxxxxxxxxxx> wrote: > > > > > >>Of course, anyone who wishes to continue being a beta tester for a > > >>highly complex security package suitable mainly for servers or > > >>dedicated machines performing a narrow set of well-defined functions > > >>is welcome to do so. > > > > > > > > > SELinux has value on Desktops, at least to some people. I would really like to > > > be able to run programs that don't have the same access to resources (in > > > particular network connections) that I do. I know longer trust software > > > venders not to bad stuff in their software, at least for things targetted > > > at consumers. Things are likely to get worse in this regard in the near > > > future. > > > > Actually, I agree with you completely. I've just found SELinux too > > painful to use. I fought with it a long time in FC-3, almost had it > > working, but never managed to get permissive mode to stay quiet long > > enough to let me go to enforcing mode. I looked at SELinux in FC-4 > > to see what might have changed, but I never really did much with FC-4. > > Now I see that in FC-5 so much has changed that absolutely nothing > > that I learned how to do in FC-3 applies any more. I'd be starting > > from scratch again. Sorry, BTDT. Sure, there are programs I'd like > > to confine, but SELinux just isn't a feasable way to do that unless > > you have an SELinux guru on call to set up and maintain your system. > > It's actually easier to fix things in FC5: > http://fedoraproject.org/wiki/SELinux/LoadableModules/Audit2allow > > There's also a decent reference guide that's FC5-specific: > http://fedora.redhat.com/docs/selinux-faq-fc5/ > > And there's lots of SELinux-related stuff on the fedora wiki: > http://fedoraproject.org/wiki/Bugs/FC5Common?action=fullsearch&value=selinux&titlesearch=Titles > ---- and of course...Paul ;-) there is a fedora-selinux list as well. It's all workable if you want to use it. Craig