Re: Proposal: Improving SELinux <--> user interaction on Fedora - Kerneloops for SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2008-07-17 at 18:46 -0500, Arthur Pemberton wrote:
> On Thu, Jul 17, 2008 at 6:26 PM, Ahmed Kamal
> <email.ahmedkamal@xxxxxxxxxxxxxx> wrote:
> > I'd say I am a pretty knowledgeable Linux user. However, when I see an
> > AVC denial, and the recommended chcon doesn't fix it, I'm pretty much
> > lost! I need to launch that server or that application NOW, and
> > selinux is stopping that ... and the policy won't be fixed for days,
> > it won't even be fixed at all if that's a 3rd party app! I need
> > something to help me launch my apps if I so choose! a 95% selinux
> > protected system, is so much better than one with it disabled, which
> > what I always seem to end up doing to get my work done!
> >
> > PS: To all security-aholics, helping the user launch his apps and get
> > his work done, is every bit as important as having a well secured
> > system, if not a tad bit more important
> 
> While I understand your sentiments, I have problems empathizing with
> it as I haven't had such a problem with SELinux since FC2.
> 
> I do agree that having a user be able to launch an important
> app/service should take precedence, though I am not sure that a 80%
> SELinux protected machine is better than one with SELinux disabled --
> that's debatable I guess.

Now how do we distinguish between a user launching his essential work to
get done app, and a user being pwned. Both scenarios will look the same
and if both scenarios end up in a dialog box with exempt in it, the
guess what will happen.

Dave.

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux