On Wed, 2006-03-29 at 17:58 -0500, Matthew Miller wrote: > On Wed, Mar 29, 2006 at 12:56:46AM -0500, Daniel J Walsh wrote: > > >>Should also be wrapped in SELinux to make sure some random app does not > > >>ask for this. If I am a user and NetworkManager pops a window saying > [...] > > >What would happen in the absence of SELinux? > > It will ask the user and the user will say yes. Right. Maybe even the user needs to put in his own password or the superuser password. > > In the SELinux case it will still ask the user, but only an approved app > > will be able to open the whole in the firewall. It won't have to ask the user and I argue it shouldn't have to. > > Sounds good, although I wonder if it might be nicer to implement this in a > way similar to that described here: <http://blog.fubar.dk/?p=66>. Yea, that's what I was rambling about in my other mail. > Also, who decides which apps are "random" and which are approved? The thinking was that g-u-s would provide the system-level component for punching a hole that the httpd process launched by g-u-s would use. As such, only g-u-s would be able to use this. Other apps such as Banshee or Rhythmbox that wants to listen on a port too would provide similar helpers. This is not optimal but we gotta start somewhere. Ideally, the Fedora firewall (which is no more than a script plus a consolehelper powered GUI, ugh) would provide such a service along with a configuration framework. In fact, ideally there would be a freedesktop.org framework for punching holes through firewalls so everything would be solved upstream. One can always dream, yea? David
