On Sat, 2005-01-15 at 10:32 -0500, Sean Middleditch wrote:
> On Sat, 2005-01-15 at 17:29 +0530, Rahul Sundaram wrote:
> > Hi
> >
> > > > - SELinux Episode III: Revenge of the AVC
> >
> > how about gui integration with gnome by letting nautilus show security
> > contexts and manipulate them using chcon, fixfiles etc as the backend.
>
> That sounds like a pretty bad idea in general, actually - the last thing
> you need is for the state of your file contexts to ever get out of sync
> with your configuration files. Besides, you'd need to have some pretty
> highly elevated privileges to even perform those tasks, and SELinux
> eventually should probably make sure no GUI tool can ever even have
> those privileges, except for the ones specifically designed for SELinux
> administration (like you say below).

Sword edge balancing time.

There are a number of customizable types, that is, ones which an
end-user might need to manipulate. These are a small set of the overall
types, but they are important for sharing data over SMB, FTP, HTTP, etc.

End users need to be able to run chcon. Just as with DAC, they may
occasionally mess up the permissions. It would be nice for them if
Nautilus supported chcon on the backend, while of course displaying the
contexts.

For anything that involves relabeling the file system, that sounds like
it would be better used in an s-c-selinux that requires root/sysadm_r.

- Karsten
--
Karsten Wade, RHCE, Sr. Tech Writer
a lemon is just a melon in disguise
http://people.redhat.com/kwade/
gpg fingerprint: 2680 DBFD D968 3141 0115 5F1B D992 0E06 AD0E 0C41