-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Valent Turkovic wrote: > On Jan 16, 2008 10:13 PM, Dave Airlie <airlied@xxxxxxxxxx> wrote: >> On Wed, 2008-01-16 at 16:00 -0500, Alan Cox wrote: >>> On Wed, Jan 16, 2008 at 08:57:56PM +0100, Valent Turkovic wrote: >>>> I believe that SELinux is a great linux server security hardening tool >>>> but that has little use in desktop linux usage and it confuses >>>> ordinary desktop users. >>> Desktop users are the people it is most important for. If it is still confusing >>> people we need to fix the confusions. Perhaps you can explain more ? >>> >>> >> We made one big mistake with SELinux, selinuxalert or whatever it is >> called... we haven't learned from the MAC vs Windows ads... we now have >> an app that puts us squarely into the Windows lack of usefulness camp. >> >> "hey user this app is doing something bad. do you want to let it do >> it?"_t. > > I wish it was that easy when I installed fluendo codes I couldn't play > my multimedia because SELInux blocked it (nobody tested it even that > fedora 8 advertised fluendo codec support as one of its new shiny > features). > selinux troubleshoot tool it still to hard for ordinary desktop users. > I see the real benefit of SELinux troubleshoot tool for admins using > RHEL of fedora on their servers but on desktop I hardly see any point. > > I will bet anybody who wants that Fedora live cd users will have more > trouble from using SElinux than benefit. Also that ubuntu, opensuse > and other distros that don't use SElinux won't be in trouble from some > 0day exploit. > > Valent. > # setsebool -P allow_execmod=1 THis will turn off checking for badly coded shared libraries. (fluendo codecs and others.) Also make sure you are up2date with the latest policy. Finally make sure /var/log/ has the right context. restorecon -R -v /var/log logrotate had a bug where it was loosing file context. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkePhXoACgkQrlYvE4MpobN6BACg62mp19pUufL5EwKUhGSLcaww xZ0AoMHcROWszGaH17h/07SbPrFshfVM =SNMc -----END PGP SIGNATURE----- -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
