[LINK] Study shows pop-up warnings are ineffective

Glen Turner gdt at gdt.id.au
Thu Oct 2 16:38:41 AEST 2008


> I like the concept; but for the average user SELinux is simply too hard.

I'd actually argue the opposite. It's more difficult to use on
a server than on a desktop. When running on the server there's
nowhere for the audit application to pop up a notice that
SELinux has blocked something and run a GUI admin tool.

> Frankly, for the average network admin it appears to be simply too hard.

I don't find the modern versions too bad (especially now that
installing a web server alters the associated SELinux rules).

> I've performed many audits of RHEL and CentOS installs (SELinux is
> enabled by default on current versions) where SELinux has been disabled
> by the admin. Why? It "wouldn't serve web pages" or "wouldn't serve
> email".

Same experience at this end. I expect it will improve as
SELinux more and more just works.

Best wishes, GLen




More information about the Link mailing list