[LINK] Study shows pop-up warnings are ineffective
Glen Turner
gdt at gdt.id.au
Thu Oct 2 16:38:40 AEST 2008
> I like the concept; but for the average user SELinux is simply too hard.
I'd actually argue the opposite. It's more difficult to use on
a server than on a desktop. When running on the server there's
nowhere for the audit application to pop up a notice that
SELinux has blocked something and run a GUI admin tool.
> Frankly, for the average network admin it appears to be simply too hard.
I don't find the modern versions too bad (especially now that
installing a web server alters the associated SELinux rules).
> I've performed many audits of RHEL and CentOS installs (SELinux is
> enabled by default on current versions) where SELinux has been disabled
> by the admin. Why? It "wouldn't serve web pages" or "wouldn't serve
> email".
Same experience at this end. I expect it will improve as
SELinux more and more just works.
Best wishes, GLen
More information about the Link
mailing list