On Thu, Jul 17, 2008 at 2:17 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Stewart Adam wrote: >> Hi, >> >> After the recent SELinux discussion (and the several ones before it), >> it's pretty clear that users are having problems with SELinux but at the >> same time SELinux is an important aspect to system security so it isn't >> going anywhere. Instead of asking to turn SELinux off, let's work >> towards making SELinux "just work" since that will provide the good user >> experience and the extra security. >> >> I was thinking of ways that Fedora could improve user <--> SELinux >> interaction, and I thought that creating a kerneloops-like plugin for >> setroubleshoot would be a good way to collect data about denials. >> Similar to kerneloops, this would allow for statistics on where denials >> occur most and that way the policy can be modified accordingly. >> Ultimately, this leads to a better user experience with Fedora. I took a >> quick look at the setroubleshoot plugin system and it shouldn't be too >> hard to get this started but some extra more help would be great. >> >> Beyond this it would probably be good to rework the interface of >> system-config-selinux tool to make it easier to use for the average >> user. Sure, editing /etc/sysconfig/selinux is easy but the average user >> doesn't know how and shouldn't have to spend an hour trying to figure it >> out, especially if this is their first time using Linux. >> >> Feedback, ideas and comments are welcome. I'd like to know what you >> think before starting any work on any of this. >> >> Stewart >> > > John Dennis designed setroubleshoot to be able to send its messages to > an upstream collector, it seems to me that adding a button to report the > message upstream would be easy. The problem is where is the upstream > infrastructure to handle all the messages. > > dwalsh@xxxxxxxxxxx Is probably not a good place. I would think not. Does the infrastructure team have any web service or sorts that can accept these log messages? -- Fedora 7 : sipping some of that moonshine ( www.pembo13.com ) -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
