Another selinux rant
Casey Dahlin
cjdahlin at ncsu.edu
Sun Jan 6 23:49:33 UTC 2008
Ralf Corsepius wrote:
> On Sat, 2008-01-05 at 01:36 -0600, Arthur Pemberton wrote:
>
>> On Jan 5, 2008 12:33 AM, Ralf Corsepius <rc040203 at freenet.de> wrote:
>>
>>> On Fri, 2008-01-04 at 12:07 -0500, John Dennis wrote:
>>>
>>>> Ed Swierk wrote:
>>>>
>>>>> People who already know about SELinux can of course just learn to type
>>>>> ls -l --lcontext, but showing the extra information by default would
>>>>> at least give clueless users like me a hint that files have these
>>>>> extra attributes that might somehow be relevant to those strange
>>>>> openvpn failures. IMHO this would be the single best usability
>>>>> improvement to SELinux
>>>>>
>>>> Re SELinux usability issues:
>>>>
>>>> We wrote the setroubleshoot package precisely to help SELinux novice
>>>> users so they wouldn't suffer with hidden obscure failures of the type
>>>> which have frustrated you. If it had been installed you would have
>>>> received notifications in real time on your desktop describing the
>>>> failure and suggestions on how to fix it.
>>>>
>>> Well, honorable goal, but does it actually achieve this goal?
>>>
>>> * On one machine (FC8/x86_64), for me, all setroubleshoot does is to die
>>> shortly after bootup and first-time login (I haven't tried to
>>> investigate, but as it seems to me some serelated daemon is
>>> segfaulting).
>>>
>> You don't possibly think that this is the regular behaviour of
>> setroubleshoot on which you cna judge it?
>>
> No, I am pretty certain it's an setroubleshoot and/or its infrastructure
> bug.
>
>
And have you done with this bug what I'm sure we all know we are
supposed to do with bugs we find? :P
--CJD
More information about the fedora-devel-list
mailing list