First it should determine whether it is a missing TE rule or a disabled tunable / unset file type. If its a TE rule than it should only just ask a user if it can send the oops upstream. If it is a misconfiguration it should send the diagnose to root@localhost and tell a user to contact admin, or maybe prompt for a root password and or to auto configure or something…

I’ve observed many people install and use SE Linux machines without knowing anything about it, their machine just works.

The amount of skill required to run virtual machines is significantly greater than the skill required to run Firefox. So if you have that skill then being able to determine how to get SE Linux to work with it (which at a last result only requires asking on a mailing list) should not be too difficult.

There are always trade-offs between security and usability. The fact that most users don’t notice it’s presence indicates to me that SE Linux is not unfriendly to users.

Long time no see – I hope you’re well!

I suspect the point I’m about to make means I agree with you if I understand the point that you’re trying to make (if you see what I mean)!!

I’m a very firm believer in using the simplest tool possible to achieve the desired goals. In the case of your laptop – you have a single user system administered by an expert – therefore all the permissions models you currently require can be implemented using the standard unix security mechanisms. This situation is also not likely to change – you therefore have no need for the SELinux functionality and shouldn’t be using it. If I have a file server which thousands of people access daily then the permissions models will be more complex and SELinux may well be appropriate – its about having tools available to achieve the desired tasks.

The issues you’re seeing with SELinux are analogous to someone complaining that there Granny can’t drive an Articulated Lorry to the shops twice a week (or possibly that the engine from an artic doesn’t fit in her metro).

I think the point you’re making is that distributions shouldn’t turn on SE Linux by default. I guess I agree with that, but I think it depends more on what the distribution is targeted at. Whatever the default is, there should definitely be a simple and straightforward opt in/out at the point of installation.

I also agree that the support tools for SELinux suck – but then that’s why server ops get paid isn’t it?

*). I know what SE Linux is, and what it’s supposed to do. I’ve even read pieces of the kernel side implementation. I feel reasonably confident that I can moan

*). It’s not up to the “administrator” or “authorized personnel” to administer my laptop or home desktop system running Fedora. There is nobody else doing this in the vast majority of cases. Therefore, if you have to file a BZ with your distro every time you want to do something new (like open a VM on a different volume, and then also open a CD image too), you lose. If we’re going to have policy like this, it needs to be controllable with user-visible tools.