Konstantin Svist wrote:
Bruno Wolff III wrote:
On Fri, Feb 29, 2008 at 21:49:18 -0800,
Konstantin Svist <fry.kun@xxxxxxxxx> wrote:
But then what am I, as the end-user, supposed to do? Supposedly, if
the app isn't fixed right away, I should allow the activity by
creating a rule -- but there doesn't seem to be an easy way of doing
that.
In essence, as the article says, selinux is well-suited for servers,
not for desktops. Though I doubt how well it's suited for servers,
since you still need to be able to do some voodoo ritual to get the
server stuff working. If it's not common knowledge or completely
automated, it's pretty much useless.
Yes there are tools to allow new rules to be added. There is at least
a command line tool to do this; I am not sure about a GUI tool.
It is suited for desktops as well. It has been getting some nice features
in that regard lately. Go take a look at Dan Walsh's live journal page
if you are interested in reading about these.
Yeah, but if I don't understand how any of it works, it's just as useful
to me as the car keys are to a monkey.
I've tried reading SELinux for Dummies
(http://fedoraproject.org/wiki/SELinux/Understanding) but I still don't
really get it. The worst part is, I had to concentrate to understand
what the page is telling me - and I'm a CS major :P
The average Joe won't even go this far - in other words, he won't
understand how to work with it - meaning it's NOT suited for desktops.
The average Joe wouldn't even notice that its running.
Max
