A great article on why to use SeLinux

Konstantin Svist fry.kun at gmail.com
Sat Mar 1 05:49:18 UTC 2008

Bruno Wolff III wrote:
> On Fri, Feb 29, 2008 at 16:42:34 -0800,
>   Konstantin Svist <fry.kun at gmail.com> wrote:
>> People mentioned on this list that selinux errors are fixed really fast 
>> - so I decided why not submit a few into redhat bugzilla?
> Remember that not all errors reported by selinux are selinux problems.
> Some are the apps doing things they shouldn't and those need to get
> fixed by the app maintainer, not the selinux guys.

But then what am I, as the end-user, supposed to do? Supposedly, if the 
app isn't fixed right away, I should allow the activity by creating a 
rule -- but there doesn't seem to be an easy way of doing that.
In essence, as the article says, selinux is well-suited for servers, not 
for desktops. Though I doubt how well it's suited for servers, since you 
still need to be able to do some voodoo ritual to get the server stuff 
working. If it's not common knowledge or completely automated, it's 
pretty much useless.

More information about the users mailing list