-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Arthur Pemberton wrote: > On Thu, Jul 17, 2008 at 4:07 PM, Ahmed Kamal > <email.ahmedkamal@xxxxxxxxxxxxxx> wrote: >> - Autofix seems like a good idea >> - Perhaps Exempt button should only appear, if AutoFix doesn't work >> (not sure how to detect that) >> - To avoid a system user clicking Exempt, perhaps Exempt should only >> exempt the application only this time. i.e., when the application is >> launched again, it will generate a selinux warning again. That way, >> the user still reports the issue to get it properly fixed, but at the >> time, has the tools to get his work done and his apps running when he >> needs them > > While this doesn't avoid the Vistaesque problem, it may be a fair > compromise to consider. > > One more issue however, is there any way to hide the unimportant > denials? There are some denials that have no observable side effects. > Sure if you could write code to understand that this is a denial without side effect. So far I have not figured out a way to do this. setroubleshoot does have an ignore button also. Which will allow a user to ignore avc's that he has deemed to be not important. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkiAkeIACgkQrlYvE4MpobNfJgCdGj9Gjsm7SxCBiTYj9GBDzRV5 A+4An1671n1pVR8FE/2d/LvEsuh/svKy =95Y+ -----END PGP SIGNATURE----- -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
