On Fri, 2008-01-04 at 12:07 -0500, John Dennis wrote: > Ed Swierk wrote: > > People who already know about SELinux can of course just learn to type > > ls -l --lcontext, but showing the extra information by default would > > at least give clueless users like me a hint that files have these > > extra attributes that might somehow be relevant to those strange > > openvpn failures. IMHO this would be the single best usability > > improvement to SELinux > > Re SELinux usability issues: > > We wrote the setroubleshoot package precisely to help SELinux novice > users so they wouldn't suffer with hidden obscure failures of the type > which have frustrated you. If it had been installed you would have > received notifications in real time on your desktop describing the > failure and suggestions on how to fix it. Well, honorable goal, but does it actually achieve this goal? * On one machine (FC8/x86_64), for me, all setroubleshoot does is to die shortly after bootup and first-time login (I haven't tried to investigate, but as it seems to me some serelated daemon is segfaulting). * Is it appropriate to inform arbitrary ordinary users about SELinux issues? May-be this on single user/non-networked machines, but I don't think this is the right concept for a networked environment in which "ordinary user" normally isn't the system admin. Ralf -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
