Tim: >> I really don't know why people have such grand problems with it. Kostas Sfakiotakis: > I could think of a million reasons . For example , let´s just say that > they don´t have an idea about what mandatory access control is and > how to live with it . For the average user, it shouldn't be a problem. It shouldn't really be noticeable, unless they're doing something stupid with their computer. >> I don't. Not even when I run various servers. > Well that could be your problem Tim . As you say , u run SERVERS . Servers > are supposed to do very specific things and not every day stuff. I have several computers, some are servers, most are clients. I don't really have any SELinux problems (beyond the rare fault that's fixed by a yum update). The clients don't notice it's there, and there's only a few things I have to do to allow a server to do its business. By default, and quite rightly, many servers are turned off and their activities are disallowed. If you want to run a server, you should learn what you're doing, and part of that process is configuring it as well as understanding the ramifications. i.e. I don't give a damn for lazy people who want to run a SMTP server, and not secure it. Servers that cause wide spread havoc are best left to those who know what they're doing, and tightened up so much that the clueless can't run them. Now, installing some random software from outside of a repo may cause a SELinux problem. But then, such software may cause all sorts of non-SELinux problems. From the possibility of it being a malicious program, to it simply having all sorts of dependencies that you're going to have to handle by hand. It's certainly in the interests of such software to be written so that it doesn't fight with SELinux. Not just because there are computer systems using it. But, because, generally, software that gets hit on the head by SELinux gets hit on the head because it's doing something that it really shouldn't be doing. e.g. Expecting to be able to access any file on the system, or be executable in ways that it shouldn't. It's been my experience that programmers are far worse than users regarding security and doing dumb things with computers. Their attitude of "I should be able to do anything" is really bad, likewise with their lack of understanding about why. It's why we have so much bad software on some computer systems (generally Windows). >> I strongly suspect it's because they're doing daft things with their >> computer, in the first place, then following bad advice to resolve >> it. > Well that´s the issue . I can´t really understand why i can´t do any > stupid thing with the computer i have payed for . Therein lay the problem. *You*, or others doing the same thing, not SELinux. In this internetted world, your use of a computer doesn't just affect you, it affects other people. Whether that be you getting trojanned, spamming people; or not learning about your computer, doing dopey things, then bogging down a list with "I shot myself in the foot" support threads. Granted the last one is the lesser of concerns, but the point was that what you do is not in isolation to the rest of the world. > I payed for the computer and not the SELinux development it , an > agency , a corporation or whatever else . I just want to open my > computer and do my stupid things and if i mess things up , then so i > did . It would be my mess and i would be really happy to clean it . > After all it is my mess and am paying for it ( well the paying part am > doing either way ) . Umm, you're making us pay for your mess... You seem to be ignoring the point that others, who know much more about it than you, have put a lot of effort into making a system much more robust (against maliciousness, or stupidity). I get the feeling that you're another of those that might go to the doctors, tell him "I hurts when I do this," and completely ignore his, "well, don't do that," advice. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
