SELinux blocking Gizmo on FC5
A.J. Bonnema
abonnema at xs4all.nl
Sun Apr 2 07:31:13 UTC 2006
Michael Wiktowy wrote:
> I just fixed my problem with
> chcon -t texrel_shlib_t /usr/lib/libsipphoneapi.so.0.78.20060211
> I am not exactly sure what that does though.
Craig,
I wonder how many people do these statements without understanding the
implications? How secure would that be?
On this line, what we actually need is some kind of easifier /
dumbifier, if you get my meaning. So it is obvious what the implications
are.
Think of implementing an application: no user fully understands the
implications of that application, even less are they able to check these
implications: they trust the builders. Obviously, this is inherently
insecure. (example? One of the anti-virus vendors had parts of a rootkit
implemented, creating a possible security hole. The software was
generally trusted by users to be secure).
Now, back to SELInux, I suspect that in general non-admin user can not
fully understand what he/she is doing when doing a chcon or changing a
policy.
So, what we need is some sort of high translation of the implications,
so that even non-programmer, non-admin users can understand what they
are doing on a bit of a higher level than what is currently possible.
Would it be possible to have a non-technical layer around SELInux so
that users can have a more high level view of their security than admins
have?
[Regretfully, many users are admin by default, but not by choice, i.e.
home users. They need the high level view...]. Meaning, a user can
change the system (high-level) and still know what he/she is doing
(high-level).
Guus.
--
A.J. Bonnema, Leiden The Netherlands,
user #328198 (Linux Counter http://counter.li.org)
More information about the users
mailing list