Another suggestion, is when something breaks because of selinux, and I get a balloon about it. However, I am unable to modify selinux policy to "correctly" fix that problem. The suggestion is to allow the user a mechanism to launch the affected program in selinux-free mode ( like launch as administrator from the Vista world!). Basically, selinux builds very tight walls around the system, the end user, needs a hammer to break some of these walls to get his work done. If we don't provide the hammer, he'll end up turnning it off completely!
On Thu, Jul 3, 2008 at 11:29 AM, Alan Cox <alan@xxxxxxxxxx> wrote:
On Wed, Jul 02, 2008 at 05:20:50PM -0400, Jon Masters wrote:How will you know you have "fixed" it if you have the bits in question
> I think the only way to "fix" it for the foreseeable future is to
> simplify policy, so that only a very limited set of services are
> confined. Then, when the graphical tools and user experience have
> eventually caught up, it'll be trivial to switch policy again.
turned off - you won't. You have no meaningful way to make progress.
Sorry if I sound fed up of all of this but I spent 9 months fighting people
years back to get firewalling enabled by default, and that had all the same
arguments. Today nobody (even Microsoft) would propose otherwise.
This is the same thing ..
As to Setroubleshoot it would be nicer if it spoke more "end user" ese and
could prompt/fix common mislabelling (eg html files)
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
