On Thu, Jul 17, 2008 at 3:24 PM, Ahmed Kamal <email.ahmedkamal@xxxxxxxxxxxxxx> wrote: > another idea, is when a denial occurs, and we get this nice balloon, > it would contain 2 buttons > - AutoFix: automatically attempts changing the offending file's > context, as per the recommended action Fair solution, setroubleshoot is normally on the money. > - Exempt: changes the policy such that the offended application runs > in an unrestricted selinux domain. While this would get the job done. It is really a bad idea as it makes having SELinux on useless for most folks -- they might as well just disable it Plus it reminds me of the deny||allow stories i hear about in MS Vista. > IMHO, the policies will never be perfect. Mortals can't really "fix" > the policy coz it's too complex. The Exempt is what the end users > need, or they turn off the whole thing -- Fedora 7 : sipping some of that moonshine ( www.pembo13.com ) -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
