On 12/8/2010 11:38 AM, Lamar Owen wrote:
>
>> But your question was what to do if you choose to ignore the simple and
>> available tools - things available and well understood on many platforms.
>
> VM = complex. Not to mention proprietary (for all but KVM) and resource-wasteful.
> Switch User = inconvenient to the extreme, and disruptive of normal workflow.
>
> I've done both, and neither are workable solutions for the majority of users, especially on the desktop. Both are more complex than SELinux *could* be, with some effort.
*And* standards for the locations every application is permitted to access.
> Sounds like a budding standard to me, and something worth learning.
Standards committees have their ways of breaking all previous existing
implementations with their final decrees. Let me know when they are
finished.
--
Les Mikesell
lesmikesell at gmail.com