On Mon, 27 Jul 2009, Daniel J Walsh wrote:

> This is all fascinating conversation. But the question still arises,
> why can't anyone use SECMARK/IPTABLES rules on a Targeted policy system.
> My opinion is that it is still too difficult.

Well, it's taken years to get all the basic technology into place (including CIPSO and Labeled IPSec), and no work at all has gone into usability as yet.

I envisage providing high-level abstractions in one of two ways:

a) Building network labeling into a project as a standard configurable aspect of that (e.g. virtualized secure networking for VM to VM communication), which is integrated into and managed by the existing management tool, like we have with sVirt. No policy knowledge is required, just how to use e.g. virt-manager to configure sharing via the network.

b) Network design tools which let you visually design and manage protected communications paths between processes on different machines, e.g. for managing your DMZ. This would generate policy and distribute it to systems on the network & really be something for advanced users, but domain-specific i.e. thinking in terms of network security vs. SELinux policy.

Note that there was never any intention for people to have to know the low-level SELinux policy (as far as I recall). The high-level abstractions we're building with kiosk mode, svirt, sandbox etc. are some glimpses into where things are headed now that we have most of the base technology in place.

- James

-- 
James Morris <jmorris@xxxxxxxxx>

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
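As an added illustration of why the thread calls SECMARK "too difficult" (this is example code, not part of the thread, of Fedora's targeted policy, or of any of the tools James mentions), the script below generates the two artefacts that must agree for packet labeling to work: the iptables SECMARK/CONNSECMARK rules that assign a context to packets, and the SELinux policy module that declares that packet type and lets the service domain send and receive it. A management tool of the kind described in (a) or (b) would have to emit both halves consistently. The domain name `httpd_t`, port 80 and the packet type `demo_http_packet_t` are assumptions for the demo; the real targeted policy uses its own packet type names. The script only prints the rules and policy, so it runs without root.

```shell
#!/bin/sh
# Added example: emit (do not apply) the iptables rules and the SELinux
# policy module that a SECMARK setup needs. Names are hypothetical:
# httpd_t, port 80 and demo_http_packet_t are demo values only.

# Print the iptables mangle rules that label traffic for one TCP service.
# Arguments: <port> <packet type>
secmark_rules() {
    port="$1"
    pkt_type="$2"
    ctx="system_u:object_r:${pkt_type}:s0"
    # Packets of already-tracked connections get the label saved on
    # their conntrack entry, so both directions carry the same context.
    echo "iptables -t mangle -A INPUT  -m state --state ESTABLISHED,RELATED -j CONNSECMARK --restore"
    echo "iptables -t mangle -A OUTPUT -m state --state ESTABLISHED,RELATED -j CONNSECMARK --restore"
    # The first packet of a new connection to the service is labeled ...
    echo "iptables -t mangle -A INPUT  -p tcp --dport ${port} -m state --state NEW -j SECMARK --selctx ${ctx}"
    # ... and the label is saved on the conntrack entry for the replies.
    echo "iptables -t mangle -A INPUT  -p tcp --dport ${port} -m state --state NEW -j CONNSECMARK --save"
}

# Print the raw policy module (checkmodule/semodule_package syntax) that
# the rules above require. Without it every labeled packet is denied,
# which is the half that the iptables rules alone do not tell you about.
# Arguments: <domain> <packet type>
secmark_policy() {
    domain="$1"
    pkt_type="$2"
    cat <<EOF
module secmark_demo 1.0;

require {
    type ${domain};
    class packet { send recv };
}

# Packet type assigned by the SECMARK rule; new to the base policy.
type ${pkt_type};

# Let the service domain send and receive packets carrying that label.
allow ${domain} ${pkt_type}:packet { send recv };
EOF
    # Note (general SELinux behaviour, not specific to this demo): once any
    # SECMARK rule is loaded, packets no rule matches are treated as
    # unlabeled_t, so domains also need packet permissions on unlabeled_t.
}

# Emit both halves together, which is what a management tool would do.
# Arguments: <domain> <port> <packet type>
secmark_bundle() {
    echo "# --- iptables rules ---"
    secmark_rules "$2" "$3"
    echo
    echo "# --- policy module (secmark_demo.te) ---"
    secmark_policy "$1" "$3"
}

secmark_bundle httpd_t 80 demo_http_packet_t
```

The coupling is the point: the context string in `--selctx` must name a type the loaded policy knows, and the domain that owns the socket must be allowed `packet { send recv }` on it, or the service simply stops receiving traffic once the rules are inserted. Nothing in iptables checks either condition, which is why the thread argues for tooling that generates both sides from a higher-level description.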