On Mon, Mar 31, 2008 at 05:48:31PM -0700, Andrew Farris wrote:
An assumption that is dangerous. I understand prior bad selinux
issues can
leave you feeling that way, but consider how similar it is to just 'click
ok for everything' in Windows? Yes.. prior experience would tell you its
something you have to do for it to work, but its also exploited by
malicious code. Assuming every selinux audit is a bug or just selinux
being annoying is a terrible mindset.
Err, yes. So the $64,000 dollar question is:How can we prevent SELinux from
imparting that mindset upon nearly everyone who uses it? Not by telling
them to run something and file dozens of bug reports, that's for sure.
--
Matthew Miller mattdm(a)mattdm.org <
http://mattdm.org/>
Boston University Linux ------> <
http://linux.bu.edu/>