A great article on why to use SeLinux
Konstantin Svist
fry.kun at gmail.com
Sat Mar 1 05:49:18 UTC 2008
Bruno Wolff III wrote:
> On Fri, Feb 29, 2008 at 16:42:34 -0800,
> Konstantin Svist <fry.kun at gmail.com> wrote:
>
>> People mentioned on this list that selinux errors are fixed really fast
>> - so I decided why not submit a few into redhat bugzilla?
>>
>
> Remember that not all errors reported by selinux are selinux problems.
> Some are the apps doing things they shouldn't and those need to get
> fixed by the app maintainer, not the selinux guys.
>
>
But then what am I, as the end-user, supposed to do? Supposedly, if the
app isn't fixed right away, I should allow the activity by creating a
rule -- but there doesn't seem to be an easy way of doing that.
In essence, as the article says, selinux is well-suited for servers, not
for desktops. Though I doubt how well it's suited for servers, since you
still need to be able to do some voodoo ritual to get the server stuff
working. If it's not common knowledge or completely automated, it's
pretty much useless.
More information about the users
mailing list