Re: SELinux Understanding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Karl Larsen writes:

While reading the man selinux I found the part that makes me think that this software may not be ready for a desktop user. Here it is:

It's not. Some time ago I made a good-faith effort to put together an SELinux policy for ivtv and mythtv.

I gave up.

Let's begin with a complete lack of any usable documentation that comes with the SELinux package itself. And the documentation on the web not just wasn't helped, it was pretty clear that SELinux is long way from maturing.

NSA's original documentation wasn't too bad, you could follow it along. After reading it a couple of times, you can get a fairly good grasp of what's going on. But the real problem is that, it seems, over the last couple of years, the stock SELinux policies have undergone some major tumult. The SELinux software itself merely provides the infrastructure for policy enforcement, and you'll need to put together an overall system policy in order to use SELinux. It seems that there were several major attempts at putting together an SELinux policy infrastucture, so whenever you come across some documentation on the web, you have no idea of what specific SELinux policy infrastructure it's talking about. And, of course, the SELinux policies in Fedora do not appear to have much documentation, and there's precious little in there that will tell you how you go about defining SELinux policies for any new component, and how the existing policies work, vis-a-vis plugging your own stuff in.

As I said, I gave up. Although I was certainly willing to lay down some elbow grease, there was absolutely no visible roadmap I could follow, whatsoever, so that was the end of it. I'll wait until SELinux documentation matures.

Attachment: pgpnN7MLOnwwT.pgp
Description: PGP signature

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux