[Bug 1180524] New: confining users section unclear

[bugzilla at redhat.com]

https://bugzilla.redhat.com/show_bug.cgi?id=1180524

            Bug ID: 1180524
           Summary: confining users section unclear
           Product: Fedora Documentation
           Version: devel
         Component: selinux-user-guide
          Assignee: mprpic at redhat.com
          Reporter: nmavrogi at redhat.com
        QA Contact: docs-qa at lists.fedoraproject.org
                CC: mprpic at redhat.com, pkennedy at redhat.com,
                    zach at oglesby.co



The section 6 (confining users) in Fedora 21 documentation of SELinux is very
unclear.

1. What does confining mean actually? How are they confined? What capabilities
these user lose? These are crucial information, never discussed in the text.

2. In fedora with "seinfo -u" I see several selinux users. These, along with
the limitation each has, are never discussed.

3. "6.5. xguest: Kiosk Mode": I miss some technical info on the restrictions of
the xguest account. What that user can't do and what can it do. Without that
information the text could just say, trust us we've done everything for you
(nothing bad with it, except that in technical documentation you expect more).

4. I miss a "confining a server process/app" section. This is a very common
usage for selinux but no information is provided about that at all. Can I put
some server in a confined state, as the documentation discusses with the user?
Do we provide some preconfigured selinux users, roles, types for that purpose?
What about the sandbox tool we ship? That would be the information I'd expect
from such a section.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.