[CentOS] SELinux - way of the future or good idea but !!!

Thu Dec 9 00:22:04 UTC 2010
Christopher Chan <christopher.chan at bradbury.edu.hk>

On Thursday, December 09, 2010 06:55 AM, Lamar Owen wrote:
> On Wednesday, December 08, 2010 05:11:23 pm Warren Young wrote:
>> Let's not drag the desktop user into this discussion, too.
>
> Why not?  Are there no CentOS desktop users out there?  Are the needs of the desktop just to be ignored?  I support desktop Linux users who are not power users; works great for them.  They're thrilled to not have viruses.

+1

I possibly would have had Centos desktops strewn all over the school if 
it had met certain needs in a trial two years ago.

>
>> Long experience has shown that when Joe User tries to do Thing X and is
>> prevented, then a popup appears that in effect says "run this command to
>> make this popup go away and allow Thing X to happen", THEY WILL RUN THE
>> COMMAND.  It's so reliable an effect that you could make a killing if
>> any bookie were stupid enough to let you bet on it.
>
> Exactly.  That is precisely why you want controls to restrict what some random program can do, and thus remove the danger. In my three teenage childrens' vernacular, 'Well, duh!'
>
>> Please, let's keep this thread centered on professionally-managed
>> servers, the focus of CentOS, and thus hopefully this list.
>
> Who says that's the focus?  While I'm sure the majority of CentOS installs are for servers, the CentOS desktop does exist.  I know I have plenty of CentOS servers; I also have Linux desktops of more than one distribution scattered all over.

It is kind of true that the desktop is a bit neglected by Redhat in 
comparison to what it does for the server. But whatever. SELinux for the 
desktop is the same kind of challenge as it is for third-party applications.