Linked by Thom Holwerda on Wed 3rd Jun 2009 11:21 UTC, submitted by Hakime
One of the defining features of Google's Chrome web browser is its sandboxing feature. You probably won't realise it's there, but from a security point of view, sandboxing is one of the most important factors in browser security, as it severely limits the amount of damage a security hole can do: sure, you've got a hole in the browser, but thanks to sandboxing, you're pretty much locked in - until you break out of the sandbox, of course. Sandboxing on the Windows variant of Chrome was a "complicated affair", says Chromium developer Jeremy Moskovich, but for the Mac version, it's all a bit easier and more straightforward. On Linux, however, it's a mess.
RE[3]: On the origin of species
by Lunitik on Wed 3rd Jun 2009 15:34 UTC in reply to "RE[2]: On the origin of species"
Lunitik
Member since:
2005-08-07

My first question would be more along the lines of "what the hell are you doing that SELinux complains that much?" There is no way SELinux should be causing that many issues for you... SELinux hasn't been an issue for a long time now.

Score: 1

boldingd Member since:
2009-02-19

I had a Sidux Linux installation, with a separate /home partition. I installed Fedora 10 over Sidux, and tried to re-use my home partition. SELinux wouldn't let me log in. I created a new home directory for that user. No dice. I struggled with it for two hours. I turned off SELinux. A security solution that takes longer to correctly configure than the OS took to install is highly impractical, to be kind. (Or, rather, that took longer to figure out it was never going to work and turn off than the OS took to install.) It didn't help that, in true KDE fashion, there was more than one GUI app to control SELinux, and no clear guidance on which to use (the configurer I found first was a set-up wizard: the option to turn SELinux off was somewhere else entirely).

Score: 2

MattPie Member since:
2006-04-18

I had a Sidux Linux installation, with a separate /home partition. I installed Fedora 10 over Sidux, and tried to re-use my home partition. SELinux wouldn't let me log in.

CentOS5/RHEL5 throw various SELinux errors if home directories are on NFS. Not very enterprise-y of them...

Score: 4

Finalzone Member since:
2005-07-06

Just curious, have you relabeled your home directory first? Also, have you contacted one of the SELinux team about the issue? It is good to ask for help about the issue.

Edited 2009-06-03 19:51 UTC

Score: 3

segedunum Member since:
2005-07-06

SELinux causes 'a lot' of issues for people, and it is highly debatable whether the effort is worth it. Even worse, configuring SELinux is like nothing you will ever do anywhere else on a Linux system.

SELinux is very complex and not very well documented, no, I don't want to have to create runtime policies as a response to everything, and its configuration and APIs for actually getting it to work are very, very poor. It just isn't worth the effort.

Score: 4

ichi Member since:
2007-03-06

Managing an enforced SELinux is definitely a pain, but I think it'd be bearable when working in targeted mode.

Any app that wants to take advantage of SELinux could just provide its own policy.

Score: 2

Finalzone Member since:
2005-07-06

SELinux causes 'a lot' of issues for people, and it is highly debatable whether the effort is worth it. Even worse, configuring SELinux is like nothing you will ever do anywhere else on a Linux system.

SELinux is very complex and not very well documented, no, I don't want to have to create runtime policies as a response to everything, and its configuration and APIs for actually getting it to work are very, very poor. It just isn't worth the effort.


Efforts have been made to document SELinux on Fedora 10, which can be seen at:
http://docs.fedoraproject.org/selinux-user-guide/f10/en-US/index.ht...

There is a SELinux team ready to help as I have found after addressing a bug report. There is a feeling that some "expert" users are reluctant to admit they need help.

Score: 2