On Thu, Jul 19, 2012 at 1:11 PM, Mateusz Marzantowicz <mmarzantowicz@xxxxxxxxxxx> wrote: > > You do understand that ranting (as opposed to reporting bugs / sending > > fixes / etc) will get you nowhere, right? > > > > - Gilboa > > I also do understand that reporting a bug for each problem with selinux > I encounter in my system isn't going anywhere too. I'd also like to use > this valuable security mechanism. > > My original intention was to ask people on the list how do they deal > with selinux policy mess in their systems which is obvious, they have in > their configs after using Fedora for more than a month. Maybe it's about > finding "the path" or just right management tools which I'm missing. > > Currently my knowledge of selinux isn't that big as yours so I couldn't > simply differentiate between my fault and selinux policy bug. I also > think that users shouldn't be forced to know that kind of things. A couple of things. 1. In my experience SELinux maintainers are *VERY* responsive. Most (if not all) of the SELinux policy bugs that I opened were fixed within days if not hours. 2. IMO, Given the given the complexity of SELinux and given the huge amount of different use cases, SELinux will never simply work out of the box for every single Joe-six-pack with its own unique use case. (E.g. sharing home via SMB) Sure, a graphical semanage could do wonders to help regular users, but in the end, creating a tool that will simply train users to bypass SELinux errors by clicking next->next->next will simply make it as redundant (security wise) as Windows' UAC. In short, if you want the extra protection SELinux is offering, you'll have to learn to use it, fix it and report informational bugs about it. No way around it. - Gilboa -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org