LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Not really

Not really

Posted Jul 10, 2008 14:20 UTC (Thu) by jschrod (subscriber, #1646)
In reply to: Not really by kh
Parent article: SELinux and Fedora 

I agree with you mostly.

Concerning the error messages, in my experience, it is even worse: Not only are they not
sensible for an average desktop user, they are not even sensible for an experienced sysadmin
user! Therefore, using SELINUX on a desktop system is doomed to cause great pains for the user
community. (It bothers me only on an abstract level, though. On the desktop, I use SUSE...
:-))

But I don't think that the traditional Unix security model (easy as it is) can survive in the
long run. In our Internet-connected age the environment and associated threat model got more
complex, and such simple solutions won't be adequate in the long run. But I don't have any
idea how one can teach compartimentation and MAC to run-of-the-mill sysadmins and end-users
who are forced to be their own sysadmins.

(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds