[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Another selinux rant



Ralf Corsepius wrote:
* Is it appropriate to inform arbitrary ordinary users about SELinux
issues? May-be this on single user/non-networked machines, but I don't
think this is the right concept for a networked environment in which
"ordinary user" normally isn't the system admin.

This is why setroubleshoot was designed to operate in a distributed network mode. At the time of setroubleshoot's initial release it was felt this was a corner case, that the most likely user of the tool would be developers and technically astute users both running locally. The distributed aspects of the tool were never promoted, although they continue to reside in the code.

In fairness the networked facilities need some enhancements to make them fully viable. For instance the network traffic is not encrypted, a critical feature when transmitting security sensitive data and it needs to be fronted by a more robust authentication mechanism.

--
John Dennis <jdennis redhat com>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]