Ahmed Kamal wrote:
another idea, is when a denial occurs, and we get this nice balloon, it would contain 2 buttons - AutoFix: automatically attempts changing the offending file's context, as per the recommended action - Exempt: changes the policy such that the offended application runs in an unrestricted selinux domain.
Whilst this can definitely be an option, I would be very, very, wary about putting it on the first screen the user sees, else they will get into the habit of clicking it. Could it be possible, perhaps, to use permissive domains (or whatever they are called) from the .26 kernel inside of s-c-selinux or s-c-services to fulfill this role?
IMHO, the policies will never be perfect. Mortals can't really "fix" the policy coz it's too complex. The Exempt is what the end users need, or they turn off the whole thing On Thu, Jul 17, 2008 at 10:55 PM, Robin Norwood <rnorwood redhat com> wrote:On Thu, 17 Jul 2008 14:19:07 -0500 "Arthur Pemberton" <pemboa gmail com> wrote:On Thu, Jul 17, 2008 at 2:17 PM, Daniel J Walsh <dwalsh redhat com>John Dennis designed setroubleshoot to be able to send its messages to an upstream collector, it seems to me that adding a button to report the message upstream would be easy. The problem is where is the upstream infrastructure to handle all the messages. dwalsh redhat com Is probably not a good place.I would think not. Does the infrastructure team have any web service or sorts that can accept these log messages?Probably not, but it sounds like a fairly easy turbogears project. The data is in XML? Is the format defined anywhere? The app would need to process the XML to check for duplicates, and display the results. If the format is well-defined and we can say "If fields x, y, and z are the same, then this is a duplicate report", then it should be nearly trivial. -RN -- Robin Norwood Red Hat, Inc. "The Sage does nothing, yet nothing remains undone." -Lao Tzu, Te Tao Ching -- fedora-devel-list mailing list fedora-devel-list redhat com https://www.redhat.com/mailman/listinfo/fedora-devel-list
-- Benjamin Lewis Fedora Ambassador ben lewis benl co uk ----------------------------------------------------------------------- http://benl.co.uk./ PGP Key: 0x647E480C "In cases of major discrepancy, it is always reality that got it wrong" -- RFC 1118
begin:vcard fn:Benjamin Lewis n:Lewis;Benjamin org:benl.co.uk adr:;;;Cwmbran;;;United Kingdom email;internet:ben lewis benl co uk x-mozilla-html:FALSE url:http://benl.co.uk version:2.1 end:vcard
Description: OpenPGP digital signature