On Sun, 2008-10-26 at 16:29, David Nalley wrote:
> I wish I could remember who to attribute this to, but someone on
> -devel suggested that the same arguments occurred when firewalls were
> really starting to become commonplace - a lack of knowledge of how to
> manipulate and handle them caused repeated calls for their removal.
> Mandatory Access Control isn't going away, and is really one of the
> shining examples of Fedora leading the way with something and making
> it far easier to use than it was.

Wish I could be as optimistic but I'm not. SELinux has been trying to get to a truly useful state since FC2 and still causes more problems than it solves for too many end users. Are we expected to believe that it is about to finally 'just work'?

Yes it is great for a locked down server, and it's something any sane admin should try to use where a server is exposed to the wild Internet. On a very basic desktop that doesn't change much or run many different applications it doesn't do much harm... but also doesn't do much good either. On a more power user desktop it will almost always blow enough stuff up to end up getting disabled in frustration.

Compare and contrast to your example of enabling the firewall by default. That caused problems because it was done before good graphical tools to control the thing were ready, so end users had problems. But any admin worthy of the name could deal with iptables with a manpage, vi (or emacs) and perhaps some Googling. The number of people who can write SELinux policy is still in the hundreds (at most) after five plus years of Red Hat pushing the technology as hard as it can. And this new idea of using log scraping tools to automatically generate policy is simply an admission of that lack of skilled humans. Anybody who thinks automatically generated policy is going to produce a secure system is delusional. If enough humans who deeply understand SELinux existed to be able to double check these auto generated policies they could probably have written the darned things themselves.

Finally, the biggest objection is that it acts like alien technology bolted onto UNIX's security model as a totally different and parallel system. And like alien tech humans can't understand it; they are expected to treat it as a big black box and to just trust that it works and doesn't hose them at unexpected times. I can teach somebody the UNIX permission model in less than an hour. Learning the admin arcana of sticky bits, SUID, noexec mounts and such takes a few more hours. I read the O'Reilly book on SELinux and still don't think I understand it enough to write a sound policy. It is hard to trust things that one can't understand, especially a security system that I'm supposed to somehow administer.

-- 
John M. http://www.beau.org/~jmorris This post is 100% M$Free!
Geekcode 3.1:GCS C+++ UL++++$ P++ L+++ W++ w--- Y++ b++ 5+++ R tv- e* r

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
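The post's objection to "log scraping tools that automatically generate policy" is that such a tool turns every recorded denial into an allow rule, so whatever the confined process was caught attempting becomes permitted unless a human reads the output. The following script is an added illustration of that failure mode and is not code from the original thread or from Fedora's own tooling (the real generator on Fedora is audit2allow, which the post does not name and which this script only models). The AVC log lines are constructed sample data in the standard Linux audit format, and the list of "sensitive" target types used by the review step is a hypothetical reviewer's checklist, not an official one.

```python
import re
from collections import defaultdict

# Constructed sample AVC denials (not from the original post). Each line is in the
# format the Linux audit subsystem writes when SELinux denies an access: the
# denied permissions, the source (process) type, the target type and the class.
SAMPLE_AVC_LOG = """\
type=AVC msg=audit(1225035000.101:201): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="sda1" ino=4101 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1225035001.102:202): avc:  denied  { read open } for  pid=2101 comm="httpd" name="shadow" dev="sda1" ino=4102 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1225035002.103:203): avc:  denied  { write } for  pid=2101 comm="httpd" name="index.html" dev="sda1" ino=4101 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1225035003.104:204): avc:  denied  { name_connect } for  pid=2101 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
"""

# Hypothetical reviewer checklist: target types a confined service should
# essentially never be granted access to without a human asking why.
SENSITIVE_TARGET_TYPES = {"shadow_t", "etc_t", "auditd_log_t"}


def parse_avc(line):
    """Extract (perms, source type, target type, class) from one AVC denial line.

    Returns None for lines that are not AVC denials. The third colon-separated
    field of a context string (user:role:type:level) is the SELinux type."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
    if not m:
        return None
    perms = set(m.group(1).split())
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    return {
        "perms": perms,
        "source": fields["scontext"].split(":")[2],
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
    }


def generate_allow_rules(log_text):
    """Model of a log-scraping policy generator: every denial becomes an allow.

    Denials for the same (source, target, class) are merged, and the union of the
    denied permissions is what the generated rule would grant. Returns a dict
    keyed by (source, target, class) with a sorted list of permissions."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            grouped[(rec["source"], rec["target"], rec["tclass"])] |= rec["perms"]
    return {key: sorted(perms) for key, perms in grouped.items()}


def format_rule(key, perms):
    """Render one rule in SELinux policy-language syntax."""
    src, tgt, cls = key
    return f"allow {src} {tgt}:{cls} {{ {' '.join(perms)} }};"


def review(rules):
    """The step the post says is missing: a human-style check of each generated rule.

    Returns a list of (rule text, reasons) for rules a reviewer should reject or
    narrow instead of loading. A generator alone would load all of them."""
    flagged = []
    for key, perms in rules.items():
        src, tgt, cls = key
        reasons = []
        if tgt in SENSITIVE_TARGET_TYPES:
            reasons.append(f"grants {src} access to sensitive type {tgt}")
        if "write" in perms and cls == "file":
            reasons.append(f"grants {src} write on {tgt} files")
        if reasons:
            flagged.append((format_rule(key, perms), reasons))
    return flagged


if __name__ == "__main__":
    generated = generate_allow_rules(SAMPLE_AVC_LOG)
    print("Rules a log-scraping generator would emit:")
    for key, perms in generated.items():
        print("  " + format_rule(key, perms))
    print("\nRules a reviewer should stop before they are loaded:")
    for rule, reasons in review(generated):
        print("  " + rule)
        for reason in reasons:
            print("    - " + reason)
```

Run against the sample log, the generator emits three rules, and the review step flags two of them: the one giving httpd_t read on shadow_t (the denial that should have been investigated as a symptom rather than "fixed"), and the one giving httpd_t write on user_home_t. The third, name_connect to mysqld_port_t, is the kind of rule that probably is intended and passes. The point is the one the post makes: the generator cannot tell these apart, because it only knows what was attempted, not what was meant.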