Re: Nautilus integration with SELinux
- From: Ivan Gyurdiev <ivg2 cornell edu>
- To: Alexander Larsson <alexl redhat com>
- Cc: nautilus-list gnome org, Daniel J Walsh <dwalsh redhat com>
- Subject: Re: Nautilus integration with SELinux
- Date: Wed, 01 Mar 2006 07:54:32 -0500
I think we want the users to be aware of SELinux and proactively manage
it. It would be nice if SELinux would auto-manage itself, without the
user needing to do anything, but it just doesn't work that way - it's
another permissions system, which does the right thing most of the time,
but needs oversight to do the right thing all the time.
I'm pretty sure most desktop users would never want to touch SELinux
settings (and I'd say the same of e.g. the setuid bit and the full unix
permission set). If they have to its probably because it "broke" in some
interesting way, and not because they had a wish to use it.
I think the permissions of the file are certainly more important than
say...emblems, or notes, or any of the other features Fedora nautilus
currently presents in the Properties dialog. If the file can't be
accessed properly by whatever needs to access it, then any emblems and
notes on it are useless to me.
I disagree with the second comment - there are plenty of reasons why I
might want to change the permissions on a file, other than "it broke".
If I want to share a document in any way with other people, it will need
the proper permission settings. If I want to restrict the way in which a
document is used above the current umask, I will need to change the
permissions. I suspect there are classes of users who are very
conscious of permissions and document security, and it would be wrong to
generalize that "users don't care about permissions".
Nautilus is a file manager/explorer. Its primary purpose is managing
files (at least to me), and the user chose to click on the file
Properties. That indicates that the user wants to look at any important
metadata about that file. After the "basic" page, and the "open with"
page, I think permissions are the most important properties page to
present. Nautilus should be moving in the opposite direction - provide
users with more powerful management utilities, rather than strip out
functionality further.
Putting something like selinux, that even many developers think is
overcomplicated black magic, in the main easy-to-use permissions UI
seems like a very poor choice.
I hear this assertion made repeatedly in places like fedora-devel,
without any specific suggestions to back it up.
There are many people working to make this technology better - it would
be nice if we could be told why this is "overcomplicated black magic,"
so we can correct the problem. We certainly aim to make SELinux easier
to work, and integration with nautilus is a step in that direction.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]