On Tue, Oct 12, 2004 at 08:14:16PM -0500, Jerry Haltom wrote:
> The daemon realizes that the action isn't allowed, but that it could be
> allowed if the user consents to it, so the daemon pops up on the user's
> desktop a nice dialog box, "The application Blah has attempted to
> access the file /tmp/contact-socket (or whatever). Do you want to allow
> this action?" Most likely this dialog would ask for the user's
> password again. Upon receiving a "Yes", SELinux would be instructed to
> allow the program to access the socket. If the user presses Yes, the
> process ceases being blocked, and goes on. In the case of No, the
> process will probably die. ;0
[...]
> What this does is let users do what they will do anyways: run the
> program. You won't stop them, I won't stop them, and we probably
> shouldn't. We should make it so they CAN without risk to their systems.

What's to stop a user from always clicking "Yes"? What makes you think that those same users who download/open attachments that are executables without thinking/understanding the consequences will be any smarter when they are asked whether or not to allow a program to perform some obscure system internal function that they have even less of a chance of understanding?

I don't think it is advantageous to give the user choices they don't have any chance of understanding. The current Fedora strict SELinux policy already restricts some network-facing desktop applications, such as Mozilla.