Re: Nautilus integration with SELinux




I think we want the users to be aware of SELinux and proactively manage it. It would be nice if SELinux would auto-manage itself, without the user needing to do anything, but it just doesn't work that way - it's another permissions system, which does the right thing most of the time, but needs oversight to do the right thing all the time.

> I'm pretty sure most desktop users would never want to touch SELinux
> settings (and I'd say the same of e.g. the setuid bit and the full unix
> permission set). If they have to, it's probably because it "broke" in some
> interesting way, and not because they had a wish to use it.

I think the permissions of the file are certainly more important than say...emblems, or notes, or any of the other features Fedora nautilus currently presents in the Properties dialog. If the file can't be accessed properly by whatever needs to access it, then any emblems and notes on it are useless to me.

I disagree with the second comment - there are plenty of reasons why I might want to change the permissions on a file, other than "it broke". If I want to share a document in any way with other people, it will need the proper permission settings. If I want to restrict the way in which a document is used above the current umask, I will need to change the permissions. I suspect there are classes of users who are very conscious of permissions and document security, and it would be wrong to generalize that "users don't care about permissions".

Nautilus is a file manager/explorer. Its primary purpose is managing files (at least to me), and the user chose to click on the file Properties. That indicates that the user wants to look at any important metadata about that file. After the "basic" page, and the "open with" page, I think permissions are the most important properties page to present. Nautilus should be moving in the opposite direction - provide users with more powerful management utilities, rather than strip out functionality further.

> Putting something like selinux, that even many developers think is
> overcomplicated black magic, in the main easy-to-use permissions UI
> seems like a very poor choice.

I hear this assertion made repeatedly in places like fedora-devel, without any specific suggestions to back it up.

There are many people working to make this technology better - it would be nice if we could be told why this is "overcomplicated black magic," so we can correct the problem. We certainly aim to make SELinux easier to work, and integration with nautilus is a step in that direction.




