Re: F27 System Wide Change: Graphical Applications as Flatpaks

On 07/12/2017 06:26 AM, mcatanzaro@xxxxxxxxx wrote:
> I kinda agree here (though I am a bit surprised, as I did not think you
> were a very big SELinux fan). We absolutely could be investing more in
> SELinux. But we have not been. Very few applications actually have
> SELinux profiles, and they are all maintained downstream rather than
> upstream. The volume of erroneous SELinux denials in Bugzilla is too
> high, and the response time for fixing them too slow. SELinux profiles
> work best when they are maintained upstream by application developers
> who are familiar with SELinux, not by SELinux developers who are
> unfamiliar with the application. But application developers who are
> familiar with SELinux basically do not exist, and never will. So it
> would be useful to have a general sandbox that works for the vast
> majority of desktop apps.

On the other hand, most upstreams, even if they know about SELinux, will
rarely adopt restrictive policies.  They are also not modular in the
sense that you can write policies for an application without taking
their library dependencies into account, or policies for libraries
without examining how applications use the library.  And when it comes
to rarely used features, I don't think many upstreams would implement
them and then prevent their use with a security policy.

The app store model also assumes that the app store operator acts as
some sort of gatekeeper, so there has to be some policy enforcement at
this level, too.  It is not sufficient to pass through just what the
application developer asked for.

Thanks,
Florian