2008/7/22 David Nielsen <gnomeuser@xxxxxxxxx>:
>
> Any suggested solution that starts with "open a terminal" scares users,

I understand. However I don't think adding an allow/deny button is the answer. I think the main problem is that most people don't understand what SELinux does, or more accurately how it does things.

> additionally if they are required to be root in said terminal I would
> hesitate to guess that we lose everyone except a bare minimum of users when
> looking at the big picture - my mother surely should not be asked to do
> this, the mere thought of her with the root password in hand terrifies me
> add to that firing off random commands she has no idea what does - it's a
> wonder Hollywood has yet to make a blockbuster horror movie following this
> plot.

It would make for a good movie :^) My mother uses Fedora and hasn't had any issues that were SELinux related. Email, music, web surfing are all she does. I doubt Aunt Tily is doing much more than that.

> In terms of what SELinux does currently, it's an improvement over the
> older releases but it's still far from being something I would let my mother
> tinker with - and the policy currently has plenty of holes in terms of what
> an average user might do, just the other day I discovered SELinux utter fail
> when plugging in my iPod (this was fixed within days of being filed and as I
> recall an update was pushed soon thereafter, so the response is generally
> good but that is still some 2 weeks where aunt tilly can't use her iPod).
> Should asking the user to drop to a terminal as root and issue commands
> really be our first line of defence.. I certainly hope not. We really need
> to be more proactive in gathering failures instead of relying on the user to
> patch up the policy with mysterious cli magic.

I agree a better job needs to be done but until F9 it was optional was it not?
Now you can turn it off but it is enabled by default, combined with the kerneloops twist this should be sufficient for now. These things need time to be effective and implementing allow/deny buttons in the meantime is a recipe for disaster, I have seen the results of not having good host security, it isn't pretty. A little pain now is worth it, a little foresight is all I am asking.

An allow/deny button is expedient but it ultimately goes against good security practices. It would be nigh impossible to challenge Microsoft today if they had taken the pains to implement good security from day one. Windows is a security disaster. An allow/deny button will make Fedora a security disaster. The casual user is more likely to hit allow than deny, more likely to blindly implement a bad solution precisely because it's expedient. The end user puts their trust in the engineer to anticipate their needs and keep them safe.

The developer community needs to make a commitment to SELinux if the issues are going to get resolved. I don't mean waiting for Dan Walsh to solve your problems either. Everyone here should understand that it isn't magic. That's the view of an end user without a clue. It's hard work to get it to just work. All I am seeing is suggestions of making it easier, let's take the expedient route and worry about the consequences later. This approach isn't going to benefit anyone in the long run.

If there are issues then where are all the threads talking about these issues? If everyone is an expert policy writer then why are there issues? A big problem is not many end users know what SELinux does. The process isn't transparent enough. If you need to develop policy for your package then why not do it on list? People can see what's going on and more important people can learn. Mistakes are going to be made, it is a simple fact of life.
If end users can see the policy development process, if they can see the developers working on these issues then I believe you can expect at least two things.

1) More patience because they can see it being worked on
2) faster development of policy

I imagine that at some point some Microsoft engineer made the argument that security should take precedence but he/she got overruled. All in the name of expediency, of making it easier for the end user. We'll worry about security later. No you won't. Later it will be harder to implement because it will break everything, security is part of good design. It has to be thought of and built in from first step to last.

Hopefully the new SELinux documentation project will help educate people and make life easier. I assume everyone here is aware of this effort.

-Max

> fedora-devel-list mailing list
> fedora-devel-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
>

--
If opinions were really like assholes we'd each have just one