Selinux and Compiz: A SELinux rant

"Jóhann B. Guðmundsson" johannbg at hi.is
Tue Oct 28 11:13:56 UTC 2008 

<snip>
.......
</snip>

 From my experience things have gone a lot and I mean
a lot better but is still far away from perfection.

For the first time, I think it was the F10-beta I did not have
a single selinux report after *default* installation, now that
in itself is an achievement ( Let's hope it makes it so to final ).

I had to check if I had selinux in enforce mode here on my workstation
( F9 + I'm one of those that disables it if gets to much in my way of 
doing things)
and I do.

I'm not going to say I have not had to "tweak it a bit"
but it is running "silently" in the background now.

I think it's because of all the reports from the testers and
Dan's exceptional fast and good work on fixing things..

We of course have to continue feed him the reports we encounter
both from the official fedora repo's and and ( now ) rpmfusion  to 
have things fixed before it reaches the end-users.

When it comes to the reports that the novice end user receives
they are to technical orientated even thou I personally like to get
details, they are  perceived as gibberish from the end user that does
not understand selinux.

If we really want our end users to have good experience with selinux running
we need to add several things to setroubleshoot...

A)
Simplify the reports with an "Detail" button for us techies.

B)
Add a "Report" button that would file a selinux report to bugzilla. 
( Team Anconda has done this so the code is there just needs to be 
integrated I think. )

C)

 Add "Allow access" button that would execute the fix that 
setroubleshoot recommends
upon the end user provides the root password.  

The users going to do it anyway so why not make it easer for him to do 
so if he has 
the root password instead of having him open a terminal have the report 
open and type
in what's being recommended. users that dont have the root password  
could "Report" the issue.

D)
Add a "Fix" button that automatically restores the default system file 
context.

If you have any other suggestions on how to improve selinux experience 
please add your thoughts
to this thread or to the RFE I filed.  #Bug 468842

Issues wont get improved/fixed if we dont report them..

JBG
-------------- next part --------------
A non-text attachment was scrubbed...
Name: johannbg.vcf
Type: text/x-vcard
Size: 356 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-test-list/attachments/20081028/93aea507/attachment.vcf>

More information about the fedora-test-list mailing list