On Thu, 2008-07-03 at 04:29 -0400, Alan Cox wrote: > Sorry if I sound fed up of all of this but I spent 9 months fighting people > years back to get firewalling enabled by default, and that had all the same > arguments. Today nobody (even Microsoft) would propose otherwise. > > This is the same thing .. > > As to Setroubleshoot it would be nicer if it spoke more "end user" ese and > could prompt/fix common mislabelling (eg html files) I agree with Alan here, that if selinux is indeed a great program to help secure the OS and anything else, it at least needs to be a LOT more user friendly. Ok, don't give me this MS to linux compare bit on what I am comparing next, it's the comparing of wording and concept it's done in, not details and stuff LOL. Anyway, Vista came out with that (I forget the damn program name) program that when certain programs/files run, you get a dialog box that you have to continue (to allow it to run) or cancel. Now, no this isn't exactly the same, but it is in a way. They both provide a little better security than with out it. BUT, in Vista, the user doesn't have to relabel something, or go to the CLI, or whatever. They get a little question stating this program wants to run, do you give it permission. That's it, nothing else (might not like that dialog all the time though, I am sure). And that is what I am trying to say for selinux, that it needs to allow things to do what they need, and if not, a simple little question or whatever to allow it. The user should NOT have to go to the CLI for anything. They shouldn't have to do this command or that command, JUST HIT YES OR NO!! Well anyway, not ranting or raving. Just trying to maybe help clarify what Jon was talking about, and what Alan was saying. SELinux I am sure is a wonderful thing, and just needs to be I guess, dumbed down or whatever so the user clearly understands what it is doing or not doing and to present the user with simple to do questions/answers/buttons or whatever to push/answer. -- Mike Chambers Fedora Project - Ambassador, Bug Zapper, Tester, User, etc.. mikec302@xxxxxxxxxxxxxxxxx -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
