https://bugzilla.redhat.com/show_bug.cgi?id=1180524
Bug ID: 1180524
Summary: confining users section unclear
Product: Fedora Documentation
Version: devel
Component: selinux-user-guide
Assignee: mprpic@redhat.com
Reporter: nmavrogi@redhat.com
QA Contact: docs-qa@lists.fedoraproject.org
CC: mprpic@redhat.com, pkennedy@redhat.com, zach@oglesby.co

Section 6 (confining users) in the Fedora 21 documentation of SELinux is very unclear.
1. What does confining actually mean? How are they confined? What capabilities do these users lose? This is crucial information, never discussed in the text.
2. In Fedora, with "seinfo -u" I see several SELinux users. These, along with the limitations each has, are never discussed.
3. "6.5. xguest: Kiosk Mode": I miss some technical info on the restrictions of the xguest account: what that user can't do and what it can do. Without that information the text could just say, "trust us, we've done everything for you" (nothing bad with it, except that in technical documentation you expect more).
4. I miss a "confining a server process/app" section. This is a very common usage for SELinux but no information is provided about that at all. Can I put some server in a confined state, as the documentation discusses with the user? Do we provide some preconfigured SELinux users, roles, types for that purpose? What about the sandbox tool we ship? That would be the information I'd expect from such a section.