On Wed, Sep 1, 2010 at 9:35 PM, JB <jb.1234abcd@xxxxxxxxx> wrote: > Hi, > > SELinux is a bad thing, concept- and design-wise. SELinux in a Linux OS is not a general consumer grade solution. I'm not sure it will ever be. However, Fedora is not a general consumer grade OS, at least not for most consumers without an in-house geek. It's a place for experimenting, and we really don't know what good solutions for the problems SELinux is directed at should look like, so experimenting here is a good thing. I, myself, am partial to a concept I call virtual sub-users, but I have no code for that, don't even have a complete description of the concept. It doesn't run on any available OS, including those that do "sandboxing". When I think of access control lists, I'm always struck with the idea that I don't post lists around the house telling people who can use what. I'm also struck with the idea that I don't generally leave things locked on the street, expecting them to remain untouched. In fact, I generally assume that a locked car has a greater than zero probability of becoming unlocked without the owner's authorization. But we need to experiment a bit with different ideas about how to keep an OS and the data it manages self-coherent and more-or-less secure from malevolent access. So, those of us who use Fedora put up with SELinux and either shut it off or report the access errors, or sometimes just ignore the alerts when they aren't preventing us from getting our work done. (I ignore too many alerts, I think.) Joel Rees -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
