2009/12/8 Konstantin Ryabitsev <icon@xxxxxxxxxxxxxxxxx>: > >From the point of view of security usability, this is cardinal sin: > > http://file.status.net/identica/tieguy-20091208T063036-ngc2rhp.png > > If we start the warning message with "SELinux has detected suspicious > behaviour on your system" and end it with "You can safely ignore this > avc," then we are doing everyone a nasty disservice. Please, let's fix > it as soon as possible. I understand the need for SELinux to log > things purely for auditing purposes, but the user must NOT see those > alerts, or we'll condition everyone to just dismiss them. > > I'm fairly certain this is a bug, but I've not yet bz'd it, as I > wanted to make sure that this is not "intended behaviour." If it is then it is proof of insanity. I shy away from any "Yet Another SELinux Rant" type stuff but this is plain ridiculous. I had Gnome-terminal up this morning and was shelled into a remote box. Thats it. Then I got a warning of the above - something to do with bash and prelink. Couldn't care less really. The end result is me disabling SELinux on my box. Sorry, I don't have time or inclination to file a bug on this constant irritant ever since it was introduced as nobody seems to take notice. Instead I'm asked to: # chcon_text_rel_slib insert_irritating_long_option_here add_some_random_characters_for_good_measure_}{)(&)(*^&^$%$"1 or something. SELinux was quite good on F11 and F12. Now it would seem it is starting to regress again. </rant> -- Christopher Brown -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
