On 07/19/2012 04:24 AM, Mateusz Marzantowicz wrote:
Why is using of SELinux on Fedora (I don't have experience with other
distros) so painful from a regular user perspective?
I'm talking about situation in which after installing stock packages and
"just running" applications I'm spending more time with SELInux Alert
Browser than any other system management utility.
You'd probably say that it's my fault, that I messed up with selinux
settings (yes, I confess, I've enabled samba sharing on some of my
directories under home but I've done this based on official Wiki) but
actually I only followed instructions from alert browser. I've applied
custom policies for one or two files that I then removed after one or
two hours.
I think that right now my system is as secure as with selinux disabled
because of all that modification that I've made. I'm not an idiot but I
really can't track all security policies that are active in my desktop
system used for daily work.
Do I really need to became security expert specialized in SELInux to use
my system? I started reading about selinux design and configuration but
I think it's a waste of time. My current selinux problem is caused by
systemd-tmpfiles trying to cleanup my /tmp dir where I copied some files
from home directory to play with and ... left them for automatic
cleanup. Solution is obvious - remove files form /tmp manually but then
autoremover mechanism provided by Fedora is redundant.
Is there a chance that someday users will use selinux without even
noticing it's installed?
Mateusz Marzantowicz
Howdy -
Take a look at http://www.youtube.com/watch?v=e_dzkYlXggM and
http://people.redhat.com/tcameron - there's a presentation there called
"SELinux for Mere Mortals"
Hopefully it helps with your SELinux questions.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org