Hi, On 07/30/2010 01:12 PM, Camilo Mesias wrote: >> SELinux is very configurable, and its various protections can be >> turned on and off for each individual case. > > That's interesting, I think the last problem I ran into was having to > set a boolean to get Picasa3 to run. This wasn't the whole fix, just > one step. I was under the impression that my choice would affect the > whole system. That seems to be true. > I would have preferred to make that setting just for > Picasa3 (not even just for Wine). I started a BZ report 527147 once > along similar lines. The trouble is that there is so much bad advice about. Dan Walsh's blog at http://danwalsh.livejournal.com/37067.html explains what's needed. > In fact I think the ideal user experience would be more along the lines of... > > User-> installs Picasa3 using yum and the google testing repo > User-> runs Picasa3 > Fedora-> SELinux violation, 'picasa' is trying to mmap_low and this is > a security risk. Please choose > (a) disallow this every time (the safe option) > (b) allow it this time only, ask next time > (c) allow this every time > > The user can then make a choice without making wide reaching changes > to security. Bear in mind a user might well try something like this > only to decide to use another program instead (shotwell?) and it would > be a shame to leave behind SELinux config after the program is > uninstalled. That would be nice. What would be really nice is if you would attach this reply to Dan Walsh's blog. I want to know what he says! :-) > I am quite tempted to reinstall sometime and try the restorecon -R -v > /opt to see if it works, and make a flurry of BZ entries for > everything else SELinux related as I install Spotify and Picasa3. > Everything else works so well in F13 I think there's just a short way > to go to bring SELinux to the same level. As I said on-list, Picasa works for me out of the box. Andrew. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
