Selinux and Compiz: A SELinux rant
Bruno Wolff III
bruno at wolff.to
Tue Oct 28 23:50:07 UTC 2008
On Mon, Oct 27, 2008 at 18:55:38 -0500,
John Morris <jmorris at beau.org> wrote:
>
> Yes it is great for a locked down server, and it's something any sane
> admin should try to use where a server is exposed to the wild Internet.
> On a very basic desktop that doesn't change much or run many different
> applications it doesn't do much harm... but also doesn't do much good
> either. On a more power user desktop it will almost always blow enough
> stuff up to end up getting disabled in frustration.
SELinux has great potential for the Desktop user and will be even more important
for them than it is on the server. It provides a way for a user to run foreign
code that they have limited trust of and have some protection from that code.
(I.e. it can't do everything they can.) If we don't have some sort of mac
system and average computer users start flocking to linux, they are going to need
to run antivirus crap instead.
It also provides a way to provide guest access to your machine that is reasonably
safe.
Fixing problems with policy have gotten easier. Permissive domains is a big step.
There is work going on labelling network traffic so that you can enforce policies
in a networked environment rather than on just a single machine.
More information about the test
mailing list