SELinux removed from desktop cd spin?
Jakub 'Livio' Rusinek
jakub.rusinek at gmail.com
Wed Jan 16 20:12:25 UTC 2008
2008/1/16, Daniel P. Berrange <berrange at redhat.com>:
>
> On Wed, Jan 16, 2008 at 08:57:56PM +0100, Valent Turkovic wrote:
> > Hi,
> > I believe that SELinux is a great linux server security hardening tool
> > but that has little use in desktop linux usage and it confuses
> > ordinary desktop users.
>
> It is of great use in a desktop spin. On my 'desktop' install for my
> laptop I have many many system daemons running under a confined domain
>
> auditd
> console-kit-daemon
> crond
> cupsd
> dbus-daemon
> hald
> init
> libvirtd
> NetworkManager
> rklogd
> rpcbind
> rpc.statd
> rsyslogd
> /sbin/dhclient
> /sbin/mingetty
> /sbin/udevd
> /usr/bin/nm-vpnc-service
> /usr/sbin/acpid
> /usr/sbin/dnsmasq
> /usr/sbin/gdm-binary
> /usr/sbin/hcid
> /usr/sbin/smartd
> /usr/sbin/sshd
> /usr/sbin/wpa_supplicant
>
>
> > If it hasn't been discussed before I would like to propose that on
> > desktop cd spin SELinux is not installed by default, of course after
> > discussion and approval from you (fedora devels).
>
> No. SELinux provides very real & important protection for desktop users.
>
> Dan.
> --
> |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496
> -=|
> |=- Perl modules: http://search.cpan.org/~danberr/
> -=|
> |=- Projects: http://freshmeat.net/~danielpb/
> -=|
> |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B
> 9505 -=|
>
> --
> fedora-devel-list mailing list
> fedora-devel-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
>
Yes, it protect internet connection from being shared, protects system from
drivers, needed for some hardware and protects system from everything
useful.
It's question of policy, but SELinux on LiveCD maked me stupid in my
brother's eyes.
I wanted to show him internet connection sharing via superb user friendly
tool, which appeared in F8, but SELinux blocked my changed... Nice.
--
Jakub 'Livio' Rusinek
http://liviopl.jogger.pl/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/devel/attachments/20080116/d6bbe408/attachment-0002.html
More information about the devel
mailing list