On Jan 5, 2008 12:33 AM, Ralf Corsepius <rc040203@xxxxxxxxxx> wrote: > > On Fri, 2008-01-04 at 12:07 -0500, John Dennis wrote: > > Ed Swierk wrote: > > > People who already know about SELinux can of course just learn to type > > > ls -l --lcontext, but showing the extra information by default would > > > at least give clueless users like me a hint that files have these > > > extra attributes that might somehow be relevant to those strange > > > openvpn failures. IMHO this would be the single best usability > > > improvement to SELinux > > > > Re SELinux usability issues: > > > > We wrote the setroubleshoot package precisely to help SELinux novice > > users so they wouldn't suffer with hidden obscure failures of the type > > which have frustrated you. If it had been installed you would have > > received notifications in real time on your desktop describing the > > failure and suggestions on how to fix it. > Well, honorable goal, but does it actually achieve this goal? > > * On one machine (FC8/x86_64), for me, all setroubleshoot does is to die > shortly after bootup and first-time login (I haven't tried to > investigate, but as it seems to me some serelated daemon is > segfaulting). You don't possibly think that this is the regular behaviour of setroubleshoot on which you cna judge it? > * Is it appropriate to inform arbitrary ordinary users about SELinux > issues? May-be this on single user/non-networked machines, but I don't > think this is the right concept for a networked environment in which > "ordinary user" normally isn't the system admin. I'm not sure i understand the criticism here. -- Fedora 7 : sipping some of that moonshine ( www.pembo13.com ) -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
