max wrote:
Konstantin Svist wrote:
Bruno Wolff III wrote:
On Fri, Feb 29, 2008 at 21:49:18 -0800,
Konstantin Svist <fry.kun@xxxxxxxxx> wrote:
But then what am I, as the end-user, supposed to do? Supposedly, if
the app isn't fixed right away, I should allow the activity by
creating a rule -- but there doesn't seem to be an easy way of
doing that.
In essence, as the article says, selinux is well-suited for
servers, not for desktops. Though I doubt how well it's suited for
servers, since you still need to be able to do some voodoo ritual
to get the server stuff working. If it's not common knowledge or
completely automated, it's pretty much useless.
Yes there are tools to allow new rules to be added. There is at least
a command line tool to do this; I am not sure about a GUI tool.
It is suited for desktops as well. It has been getting some nice
features
in that regard lately. Go take a look at Dan Walsh's live journal page
if you are interested in reading about these.
Yeah, but if I don't understand how any of it works, it's just as
useful to me as the car keys are to a monkey.
I've tried reading SELinux for Dummies
(http://fedoraproject.org/wiki/SELinux/Understanding) but I still
don't really get it. The worst part is, I had to concentrate to
understand what the page is telling me - and I'm a CS major :P
The average Joe won't even go this far - in other words, he won't
understand how to work with it - meaning it's NOT suited for desktops.
The average Joe wouldn't even notice that its running.
Max
Not until it put the hose to her.
