On Fri, Feb 29, 2008 at 21:49:18 -0800, Konstantin Svist <fry.kun@xxxxxxxxx> wrote: > > But then what am I, as the end-user, supposed to do? Supposedly, if the > app isn't fixed right away, I should allow the activity by creating a > rule -- but there doesn't seem to be an easy way of doing that. > In essence, as the article says, selinux is well-suited for servers, not > for desktops. Though I doubt how well it's suited for servers, since you > still need to be able to do some voodoo ritual to get the server stuff > working. If it's not common knowledge or completely automated, it's > pretty much useless. Yes there are tools to allow new rules to be added. There is at least a command line tool to do this; I am not sure about a GUI tool. It is suited for desktops as well. It has been getting some nice features in that regard lately. Go take a look at Dan Walsh's live journal page if you are interested in reading about these.
