SELinux on Fedora 17 - troubles, troubles, troubles, ...
Gilboa Davara
gilboad at gmail.com
Thu Jul 19 09:40:09 UTC 2012
On Thu, Jul 19, 2012 at 12:24 PM, Mateusz Marzantowicz
<mmarzantowicz at osdf.com.pl> wrote:
> Why is using of SELinux on Fedora (I don't have experience with other
> distros) so painful from a regular user perspective?
>
> I'm talking about situation in which after installing stock packages and
> "just running" applications I'm spending more time with SELInux Alert
> Browser than any other system management utility.
>
> You'd probably say that it's my fault, that I messed up with selinux
> settings (yes, I confess, I've enabled samba sharing on some of my
> directories under home but I've done this based on official Wiki) but
> actually I only followed instructions from alert browser. I've applied
> custom policies for one or two files that I then removed after one or
> two hours.
>
> I think that right now my system is as secure as with selinux disabled
> because of all that modification that I've made. I'm not an idiot but I
> really can't track all security policies that are active in my desktop
> system used for daily work.
>
> Do I really need to became security expert specialized in SELInux to use
> my system? I started reading about selinux design and configuration but
> I think it's a waste of time. My current selinux problem is caused by
> systemd-tmpfiles trying to cleanup my /tmp dir where I copied some files
> from home directory to play with and ... left them for automatic
> cleanup. Solution is obvious - remove files form /tmp manually but then
> autoremover mechanism provided by Fedora is redundant.
>
> Is there a chance that someday users will use selinux without even
> noticing it's installed?
You do understand that ranting (as opposed to reporting bugs / sending
fixes / etc) will get you nowhere, right?
- Gilboa
More information about the users
mailing list