On Mon, Oct 27, 2008 at 18:55:38 -0500, John Morris <jmorris@xxxxxxxx> wrote: > > Yes it is great for a locked down server, and it's something any sane > admin should try to use where a server is exposed to the wild Internet. > On a very basic desktop that doesn't change much or run many different > applications it doesn't do much harm... but also doesn't do much good > either. On a more power user desktop it will almost always blow enough > stuff up to end up getting disabled in frustration. SELinux has great potential for the Desktop user and will be even more important for them than it is on the server. It provides a way for a user to run foreign code that they have limited trust of and have some protection from that code. (I.e. it can't do everything they can.) If we don't have some sort of mac system and average computer users start flocking to linux, they are going to need to run antivirus crap instead. It also provides a way to provide guest access to your machine that is reasonably safe. Fixing problems with policy have gotten easier. Permissive domains is a big step. There is work going on labelling network traffic so that you can enforce policies in a networked environment rather than on just a single machine. -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list