Re: Lyx and selinux

Thu, 19 Apr 2007 02:50:42 -0700 

José Matos wrote:

On Thursday 19 April 2007 8:30:58 am [EMAIL PROTECTED] wrote:

If you are not using your machine for very sensitive work, I don't think
you need to use security-enhanced Linux.


  Could you tell that to windows users who have malware and spyware? ;-)

  

Even plain linux is already much safer than windows. There are
reasons that linux desktops aren't full of malware and spyware.
And no - windows being the more common desktop is not the
biggest reason.

Windows is _designed_ with security holes like  executing code
from websites or email messages by default - for users that generally
have admin privileges.   They need privileges, or common programs will fail.
In that world, people think that an up to date virus scanner is
something every responsible computer owner should have, even though
such a thing only ever catch bad stuff after the fact. Also, the OS have

no package database and so no idea about what files are supposed to be 
there,

nor their checksums.  No clean uninstall and people think it is normal to
reinstall now and then to "clean up" and regain performance!

Linux is not like that.  Code generally don't run unless you install it.
The user account used for daily work don't have admin privileges.

And the email software generally don't run attachments. 
Virus scanners are unnecessary - as virus technology just won't work.

Perfect uninstalls and verification by file checksums are possible, at
least on some distributions. I have only ever reinstalled linux because
of a dead disk - and probably won't need to do that again thanks to raid-1.


  I consider my files to be sensitive data, not most of them but at least some 
of them. The purpose of selinux is to give another level of protection so a 
security-enhanced system is always a good thing. :-)



  

        https://www.nsa.gov/selinux/info/faq.cfm

(It would still be good if LyX worked well with SELinux)

    


  I agree.

  

Sure, nothing wrong with that.  But it seems to me that the problem must
be with SELinux in this case.  Once installed, LyX doesn't need special

privileges.  It needs access to the display, the printers, temp 
directories,

latex, a great variety of fonts, viewers and images conversion programs.


SELinux should not deny any of this - it is all "normal end-user 
activities".


Helge Hafting























					Reply via email to