On Tue, 20 Mar 2018, hw wrote:
which is what access rights are for
Yes and no. You can run firefox and let it download files into the Downloads directory, but not elsewhere. You can run apache on port 80/443 but not let it open up a different port. You can stop apache reading files outside of its webroot even though they're readable by all users. You can't do all that with simple file permissions.
It still doesn't allow me as a user to make it so that a program I'm running can only access the files I want it to access. Why isn't that a common thing for users to do? Gimp doesn't need to have access to my emails and fvwm doesn't need to access anything but its configuration, etc. Since those are common things, why doesn't SELinux do it --- and in such a way that it is easy to manage?
You want a *user* to be able to confine applications in this way, not an administrator?

jh
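Added example, not part of the thread: a small Python model of the point made above about apache, where a read or a port bind must pass both the ordinary permission check and a type-enforcement rule. The type names are those of the SELinux targeted policy; the rule set, the port table, the file paths and the function names are constructed for illustration and are not the real policy.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class File:
    path: str
    mode: int     # classic permission bits (DAC)
    owner: str
    setype: str   # SELinux type label on the file

# Constructed, simplified allow rules: (process domain, object type, permission).
# Anything not listed is denied, which is how type enforcement behaves.
ALLOW = {
    ("httpd_t", "httpd_sys_content_t", "read"),
    ("httpd_t", "http_port_t", "name_bind"),
}

# Constructed port labelling; every other port falls back to unreserved_port_t.
PORT_TYPES = {80: "http_port_t", 443: "http_port_t"}

def dac_allows_read(user: str, f: File) -> bool:
    """Owner/other read bits only; group handling is left out for brevity."""
    bit = stat.S_IRUSR if user == f.owner else stat.S_IROTH
    return bool(f.mode & bit)

def te_allows(domain: str, target_type: str, perm: str) -> bool:
    """Type-enforcement decision: allowed only if an explicit rule exists."""
    return (domain, target_type, perm) in ALLOW

def can_read(user: str, domain: str, f: File) -> bool:
    """Both checks must pass; SELinux only ever narrows what DAC permits."""
    return dac_allows_read(user, f) and te_allows(domain, f.setype, "read")

def can_bind(domain: str, port: int) -> bool:
    """Binding is decided by the port's label, not by the port number itself."""
    port_type = PORT_TYPES.get(port, "unreserved_port_t")
    return te_allows(domain, port_type, "name_bind")

# Constructed sample files.
INDEX = File("/var/www/html/index.html", 0o644, "root", "httpd_sys_content_t")
NOTES = File("/home/hw/notes.txt", 0o644, "hw", "user_home_t")    # world-readable
SECRET = File("/var/www/html/key.pem", 0o600, "root", "httpd_sys_content_t")

if __name__ == "__main__":
    for f in (INDEX, NOTES, SECRET):
        print(f.path, "DAC:", dac_allows_read("apache", f),
              "DAC+TE:", can_read("apache", "httpd_t", f))
    for port in (80, 443, 2222):
        print("bind", port, can_bind("httpd_t", port))
```
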