Re: SELinux Understanding


 



Karl Larsen writes:

While reading the man selinux I found the part that makes me think that this software may not be ready for a desktop user. Here it is:

It's not. Some time ago I made a good-faith effort to put together an SELinux policy for ivtv and mythtv.

I gave up.

Let's begin with a complete lack of any usable documentation that comes with the SELinux package itself. And the documentation on the web not just wasn't helpful, it was pretty clear that SELinux is a long way from maturing.

NSA's original documentation wasn't too bad, you could follow it along. After reading it a couple of times, you can get a fairly good grasp of what's going on. But the real problem is that, it seems, over the last couple of years, the stock SELinux policies have undergone some major tumult. The SELinux software itself merely provides the infrastructure for policy enforcement, and you'll need to put together an overall system policy in order to use SELinux. It seems that there were several major attempts at putting together an SELinux policy infrastructure, so whenever you come across some documentation on the web, you have no idea of what specific SELinux policy infrastructure it's talking about. And, of course, the SELinux policies in Fedora do not appear to have much documentation, and there's precious little in there that will tell you how you go about defining SELinux policies for any new component, and how the existing policies work, vis-a-vis plugging your own stuff in.

As I said, I gave up. Although I was certainly willing to lay down some elbow grease, there was absolutely no visible roadmap I could follow, whatsoever, so that was the end of it. I'll wait until SELinux documentation matures.
