On Jan 5, 2008 12:33 AM, Ralf Corsepius rc040203@freenet.de wrote:
On Fri, 2008-01-04 at 12:07 -0500, John Dennis wrote:
Ed Swierk wrote:
People who already know about SELinux can of course just learn to type ls -l --lcontext, but showing the extra information by default would at least give clueless users like me a hint that files have these extra attributes that might somehow be relevant to those strange openvpn failures. IMHO this would be the single best usability improvement to SELinux
Re SELinux usability issues:
We wrote the setroubleshoot package precisely to help SELinux novice users so they wouldn't suffer with hidden obscure failures of the type which have frustrated you. If it had been installed you would have received notifications in real time on your desktop describing the failure and suggestions on how to fix it.
Well, honorable goal, but does it actually achieve this goal?
- On one machine (FC8/x86_64), for me, all setroubleshoot does is to die
shortly after bootup and first-time login (I haven't tried to investigate, but as it seems to me some serelated daemon is segfaulting).
You don't possibly think that this is the regular behaviour of setroubleshoot on which you cna judge it?
- Is it appropriate to inform arbitrary ordinary users about SELinux
issues? May-be this on single user/non-networked machines, but I don't think this is the right concept for a networked environment in which "ordinary user" normally isn't the system admin.
I'm not sure i understand the criticism here.