Re: Another selinux rant

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2008-01-04 at 12:07 -0500, John Dennis wrote:
> Ed Swierk wrote:
> > People who already know about SELinux can of course just learn to type
> > ls -l --lcontext, but showing the extra information by default would
> > at least give clueless users like me a hint that files have these
> > extra attributes that might somehow be relevant to those strange
> > openvpn failures. IMHO this would be the single best usability
> > improvement to SELinux
> 
> Re SELinux usability issues:
> 
> We wrote the setroubleshoot package precisely to help SELinux novice
> users so they wouldn't suffer with hidden obscure failures of the type
> which have frustrated you. If it had been installed you would have
> received notifications in real time on your desktop describing the
> failure and suggestions on how to fix it.
Well, honorable goal, but does it actually achieve this goal?

* On one machine (FC8/x86_64), for me, all setroubleshoot does is to die
shortly after bootup and first-time login (I haven't tried to
investigate, but as it seems to me some serelated daemon is
segfaulting).

* Is it appropriate to inform arbitrary ordinary users about SELinux
issues? May-be this on single user/non-networked machines, but I don't
think this is the right concept for a networked environment in which
"ordinary user" normally isn't the system admin.

Ralf


-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux