Re: SELinux removed from desktop cd spin?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Valent Turkovic wrote:
> On Jan 16, 2008 10:13 PM, Dave Airlie <airlied@xxxxxxxxxx> wrote:
>> On Wed, 2008-01-16 at 16:00 -0500, Alan Cox wrote:
>>> On Wed, Jan 16, 2008 at 08:57:56PM +0100, Valent Turkovic wrote:
>>>> I believe that SELinux is a great linux server security hardening tool
>>>> but that has little use in desktop linux usage and it confuses
>>>> ordinary desktop users.
>>> Desktop users are the people it is most important for.  If it is still confusing
>>> people we need to fix the confusions. Perhaps you can explain more ?
>>>
>>>
>> We made one big mistake with SELinux, selinuxalert or whatever it is
>> called... we haven't learned from the MAC vs Windows ads... we now have
>> an app that puts us squarely into the Windows lack of usefulness camp.
>>
>> "hey user this app is doing something bad. do you want to let it do
>> it?"_t.
> 
> I wish it was that easy when I installed fluendo codes I couldn't play
> my multimedia because SELInux blocked it (nobody tested it even that
> fedora 8 advertised fluendo codec support as one of its new shiny
> features).
> selinux troubleshoot tool it still to hard for ordinary desktop users.
> I see the real benefit of SELinux troubleshoot tool for admins using
> RHEL of fedora on their servers but on desktop I hardly see any point.
> 
> I will bet anybody who wants that Fedora live cd users will have more
> trouble from using SElinux than benefit. Also that ubuntu, opensuse
> and other distros that don't use SElinux won't be in trouble from some
> 0day exploit.
> 
> Valent.
> 
# setsebool -P allow_execmod=1

THis will turn off checking for badly coded shared libraries.  (fluendo
codecs and others.)

Also make sure you are up2date with the latest policy.  Finally make
sure /var/log/ has the right context.  restorecon -R -v /var/log
logrotate had a bug where it was loosing file context.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkePhXoACgkQrlYvE4MpobN6BACg62mp19pUufL5EwKUhGSLcaww
xZ0AoMHcROWszGaH17h/07SbPrFshfVM
=SNMc
-----END PGP SIGNATURE-----

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux