> -----Original Message-----
> From: fedora-devel-list-bounces@xxxxxxxxxx [mailto:fedora-devel-list-bounces@xxxxxxxxxx] On Behalf Of Steve G
>
> >Design the exposed UI for the end users of the system. Don't just
> >expose the raw UI that developers understand. And the config files are
> >definitely UI.
>
> I'd say that new ways to configure it will evolve out of the current
> environment. Remember when IPTables first came out? You had to be a
> network guru and write your own script. Now you can choose between many
> programs that let you configure iptables. For example, shorewall or
> firewall builder. I think over time (and as the needs are made clearer)
> better tools will be created out of necessity or simply seeing a better
> way.
>
> This is really what's missing...a healthy set of competing utilities and
> policy writing tools. I've been toying with doing something along the
> lines of firewall builder in my spare time.

Steve - I agree with you here. The underlying policy language does a good job of representing the SELinux model, but policy writers need some tools and frameworks to allow them to work at a higher level and more directly encode the security goals they care about. This might, for example, allow them to focus on how information flows through an email relay so that they can ensure that every email must pass through a virus scanner. For an experienced policy writer, I assert that it is fairly straightforward to accomplish this in the existing policy language, but for others some more support is necessary.

We are actively working on this problem and have some interesting concepts in development. I hope that we will have something more concrete to share in the coming months.

Karl

Karl MacMillan
Tresys Technology
http://www.tresys.com
(410)290-1411 ext 134

> Gotta clear a back-log of projects first, though.
>
> -Steve Grubb