On 12/8/2010 11:38 AM, Lamar Owen wrote:
But your question was what to do if you choose to ignore the simple and available tools - things available and well understood on many platforms.
VM = complex. Not to mention proprietary (for all but KVM) and resource-wasteful. Switch User = inconvenient to the extreme, and disruptive of normal workflow.
I've done both, and neither is a workable solution for the majority of users, especially on the desktop. Both are more complex than SELinux *could* be, with some effort.
*And* standards for the locations every application is permitted to access.
Sounds like a budding standard to me, and something worth learning.
Standards committees have their ways of breaking all previous existing implementations with their final decrees. Let me know when they are finished.