Proposal: Improving SELinux <--> user interaction on Fedora - Kerneloops for SELinux

Stewart Adam maillist at diffingo.com
Tue Jul 22 00:04:58 UTC 2008


With all due respect, you've completely missed the point. In many cases,
casual users are their own system admin (home machine). Yes, the man
pages exist but the whole point of improving SELinux <--> user
interaction is to avoid exactly that. Things need to be more user
friendly and human-readable so the casual user can understand SELinux
instead of getting frustrated and disabling it.

Stewart


On Mon, 2008-07-21 at 17:34 -0400, max bianco wrote:
> On Thu, Jul 17, 2008 at 7:26 PM, Ahmed Kamal
> <email.ahmedkamal at googlemail.com> wrote:
> > I'd say I am a pretty knowledgeable Linux user. However, when I see an
> > AVC denial, and the recommended chcon doesn't fix it, I'm pretty much
> > lost! I need to launch that server or that application NOW, and
> > selinux is stopping that ... and the policy won't be fixed for days,
> > it won't even be fixed at all if that's a 3rd party app! I need
> > something to help me launch my apps if I so choose! A 95% selinux
> > protected system is so much better than one with it disabled, which
> > is what I always seem to end up doing to get my work done!
> >
> The tools to fix this already exist.
> 
> man audit2allow
> man ausearch
> 
> The man pages explain things pretty well. If I can read them and fix
> my own problems so can any competent sysadmin.
> ausearch can be used with audit2allow to generate the needed rules.
> The rules shouldn't be blindly accepted but they can get you by for
> the moment.
> It's all documented in the man pages, every step. SysAdmins need to get
> used to SELinux and use the available troubleshooting tools. The Z
> option is available on a few commands.
> 
> 
> Max
> -- 
> If opinions were really like assholes we'd each have just one
> 
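
An added illustration of the two points argued in this thread, human-readable denials and reviewing generated rules before accepting them (not code from the thread or from the SELinux tools). The log lines are constructed, and the rule grouping is a simplified assumption about the kind of rule audit2allow proposes, not its implementation.

```python
import re
from collections import defaultdict

# Constructed sample audit.log records (not taken from a real system).
SAMPLE_LOG = """\
type=AVC msg=audit(1216684800.101:41): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=dm-0 ino=5501 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1216684800.105:42): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/home/demo/site/index.html" dev=dm-0 ino=5501 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1216684800.105:42): arch=40000003 syscall=195 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1216684801.200:43): avc:  denied  { name_bind } for  pid=2150 comm="httpd" src=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for .*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\S+)')

def parse_denials(log_text):
    """Return one dict per AVC denial; other record types are skipped."""
    out = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if m:
            # A context is user:role:type:level; the type is what policy rules use.
            out.append({"comm": m["comm"], "perms": m["perms"].split(),
                        "source": m["scon"].split(":")[2],
                        "target": m["tcon"].split(":")[2],
                        "tclass": m["tclass"]})
    return out

def explain(d):
    """Render one denial as a sentence a non-specialist can read."""
    return (f'{d["comm"]} (running as {d["source"]}) was denied '
            f'{", ".join(d["perms"])} on a {d["tclass"]} labelled {d["target"]}')

def candidate_rules(denials):
    """Merge denials into one allow rule per (source, target, class) for review."""
    grouped = defaultdict(set)
    for d in denials:
        grouped[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(grouped.items())]

if __name__ == "__main__":
    for d in parse_denials(SAMPLE_LOG):
        print(explain(d))
    print("\n".join(candidate_rules(parse_denials(SAMPLE_LOG))))
```

Reading the sentence next to the rule shows what accepting it would grant: the first rule here would let the web server read any file labelled `user_home_t`, where relabelling the one directory may be the narrower fix.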



