On Thu, 2008-01-17 at 07:13 +1000, Dave Airlie wrote: > On Wed, 2008-01-16 at 16:00 -0500, Alan Cox wrote: > > On Wed, Jan 16, 2008 at 08:57:56PM +0100, Valent Turkovic wrote: > > > I believe that SELinux is a great linux server security hardening tool > > > but that has little use in desktop linux usage and it confuses > > > ordinary desktop users. > > > > Desktop users are the people it is most important for. If it is still confusing > > people we need to fix the confusions. Perhaps you can explain more ? > > > > > > We made one big mistake with SELinux, selinuxalert or whatever it is > called... we haven't learned from the MAC vs Windows ads... we now have > an app that puts us squarely into the Windows lack of usefulness camp. > > "hey user this app is doing something bad. do you want to let it do > it?"_t. > > Dave. A difference though is that while we do pop up that little window which exposes the inherent complexities of the underlying operating system we attempt to explain in human readable format what is going on (sometimes we fail, just read this thread). I must admit some of it must seem very cryptic, but that cryptic information is what the selinux developers need to actually asses and fix the issue. We could hide it on the mian screen, but then every BZ that got filed would have a first responce of 'please include the useful information hidden behind the 'developer information' button. But more importantly we are working towards having that application never show up unless it is a well known tunable the user may want to flip or there is something going severely wrong. Installing a new program selinux has never heard of should not cause selinux problems (ok, if the app does something terrible with memory maybe.) We only pop up that dialog for applications we 'think' we already know everything it needs to do. I wish it popped up less but we get closer and closer to the goal every day. Thanks Dan. -Eric -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
