On Mon, Jun 1, 2009 at 4:25 PM, Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote: > max wrote: >> SELinux needs a lot of things but an allow button is not one of them. A >> better idea would be to use the recently created sandbox feature instead, >> offering to run the application in a generic sandbox, this way it may run >> without incident but you can be reasonably sure it isn't grossly violating >> policy. >> >> Of course the sandbox doesn't support X apps yet so it may or may not work >> but its better than just allowing according to setroubleshoot. Really RPM >> (package kit or whatever) should sandbox all applications upon >> installation that do not have policy in place or at least offer the option >> but undoubtedly people would complain about that feature. > > SELinux is already too restrictive No, its not ... it does not get in my way even thought I have stuff like confined nsplugin enabled (which are off by default). You have to provide specific cases so that they can be fixed. -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
