Another selinux rant

[Ralf Corsepius]

On Sun, 2008-01-06 at 18:49 -0500, Casey Dahlin wrote:
> Ralf Corsepius wrote:
> > On Sat, 2008-01-05 at 01:36 -0600, Arthur Pemberton wrote:
> >   
> >> On Jan 5, 2008 12:33 AM, Ralf Corsepius <rc040203 at freenet.de> wrote:
> >>     
> >>> On Fri, 2008-01-04 at 12:07 -0500, John Dennis wrote:
> >>>       
> >>>> Ed Swierk wrote:
> >>>>         
> >>>>> People who already know about SELinux can of course just learn to type
> >>>>> ls -l --lcontext, but showing the extra information by default would
> >>>>> at least give clueless users like me a hint that files have these
> >>>>> extra attributes that might somehow be relevant to those strange
> >>>>> openvpn failures. IMHO this would be the single best usability
> >>>>> improvement to SELinux
> >>>>>           
> >>>> Re SELinux usability issues:
> >>>>
> >>>> We wrote the setroubleshoot package precisely to help SELinux novice
> >>>> users so they wouldn't suffer with hidden obscure failures of the type
> >>>> which have frustrated you. If it had been installed you would have
> >>>> received notifications in real time on your desktop describing the
> >>>> failure and suggestions on how to fix it.
> >>>>         
> >>> Well, honorable goal, but does it actually achieve this goal?
> >>>
> >>> * On one machine (FC8/x86_64), for me, all setroubleshoot does is to die
> >>> shortly after bootup and first-time login (I haven't tried to
> >>> investigate, but as it seems to me some serelated daemon is
> >>> segfaulting).
> >>>       
> >> You don't possibly think that this is the regular behaviour of
> >> setroubleshoot on which you cna judge it?
> >>     
> > No, I am pretty certain it's an setroubleshoot and/or its infrastructure
> > bug.
> >
> >   
> And have you done with this bug what I'm sure we all know we are 
> supposed to do with bugs we find? :P
Done right now. 

This morning's reboot gave me another opportunity to take a somewhat
deeper look ;)

https://bugzilla.redhat.com/show_bug.cgi?id=427721

Ralf