[aklug] Re: Modular security?

From: Christopher Howard <cmhoward@frigidcode.com>
Date: Fri Oct 29 2010 - 09:08:57 AKDT

On Thu, Oct 28, 2010 at 08:59:41PM -0800, adam bultman wrote:
>
>
> On 10/28/2010 08:21 PM, Christopher Howard wrote:
> >
> > I'll never go near SELinux again, so help me. AppArmor looks more along the lines of what I was thinking.
> >
> >
> Your loss. SELinux is great, and will only help you if you understand
> how it operates.
>
> --
> Adam
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>

Perhaps my quick judgment on SELinux was uncalled for. Let me step back and try to communicate what I want. This is what it looks like in an imaginary scenario:

I install three applications today: OpenOffice, FrozenBubble, and Nexuiz. Then I say, "When I run OpenOffice, it should have access to my printer, but it should not have access to the Internet. FrozenBubble does not need access to my printer or to the Internet. Nexuiz should have access to the Internet (for game networking) but does not need access to my printer." I enter a few commands on the CLI, and from that point on, each time I run those programs, they only have the level of access to the system that I granted to them.

That's all I want -- simple, easy, practical. I'm not looking for some huge, complicated system that requires a degree to operate properly and safely, and that screws with the system so much that everyday system config tasks become a huge chore.

So, will SELinux give me what I want? AppArmor? ...?

-- 
Christopher Howard
frigidcode.com
theologia.indicium.us
Received on Fri Oct 29 09:13:08 2010
