[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux should be off by default in FC3



On Thu, 07 Oct 2004 09:00:01 -0400, Stephen Smalley <sds epoch ncsc mil> wrote:
> Teaching users to use restorecon in the same manner as chmod/chown if
> they want to export data to one of the confined services like apache is
> not an undue burden.  

Education about needing to be aware of the contexts now is one issue,
but we are going to definitely need to expose the security context
information in the tools most people use to check file properties if
we want it to be easy to deal with.  I know ls in rawhide exposes the
contexts via -Z but I haven't poked around with nautilus to see if
security context information is exposed there. And of course having
nautilus be able to run the restorecon via a right click menu entry on
a directory or file is going to be needed for smooth operation for a
segment of the userbase.

And are there any tools aimed at helping users figure out what file
security context settings are needed for specific service/daemons?

-jef


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]