Re: Selinux and Compiz: A SELinux rant

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Oct 27, 2008 at 18:55:38 -0500,
  John Morris <jmorris@xxxxxxxx> wrote:
> 
> Yes it is great for a locked down server, and it's something any sane
> admin should try to use where a server is exposed to the wild Internet. 
> On a very basic desktop that doesn't change much or run many different
> applications it doesn't do much harm... but also doesn't do much good
> either.  On a more power user desktop it will almost always blow enough
> stuff up to end up getting disabled in frustration.

SELinux has great potential for the Desktop user and will be even more important
for them than it is on the server. It provides a way for a user to run foreign
code that they have limited trust of and have some protection from that code.
(I.e. it can't do everything they can.) If we don't have some sort of mac
system and average computer users start flocking to linux, they are going to need
to run antivirus crap instead.

It also provides a way to provide guest access to your machine that is reasonably
safe.

Fixing problems with policy have gotten easier. Permissive domains is a big step.

There is work going on labelling network traffic so that you can enforce policies
in a networked environment rather than on just a single machine.

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux