On Wed, 2008-01-16 at 20:03 +0000, Daniel P. Berrange wrote: > On Wed, Jan 16, 2008 at 08:57:56PM +0100, Valent Turkovic wrote: > > Hi, > > I believe that SELinux is a great linux server security hardening tool > > but that has little use in desktop linux usage and it confuses > > ordinary desktop users. > > It is of great use in a desktop spin. On my 'desktop' install for my > laptop I have many many system daemons running under a confined domain Also, note that XACE/XSELinux has been merged to the trunk of xorg, so the ability of SELinux to confine desktop applications in interesting ways is only going to increase over time... > > auditd > console-kit-daemon > crond > cupsd > dbus-daemon > hald > init > libvirtd > NetworkManager > rklogd > rpcbind > rpc.statd > rsyslogd > /sbin/dhclient > /sbin/mingetty > /sbin/udevd > /usr/bin/nm-vpnc-service > /usr/sbin/acpid > /usr/sbin/dnsmasq > /usr/sbin/gdm-binary > /usr/sbin/hcid > /usr/sbin/smartd > /usr/sbin/sshd > /usr/sbin/wpa_supplicant > > > > If it hasn't been discussed before I would like to propose that on > > desktop cd spin SELinux is not installed by default, of course after > > discussion and approval from you (fedora devels). > > No. SELinux provides very real & important protection for desktop users. > > Dan. > -- > |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| > |=- Perl modules: http://search.cpan.org/~danberr/ -=| > |=- Projects: http://freshmeat.net/~danielpb/ -=| > |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=| > -- Stephen Smalley National Security Agency -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
