[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Proposal: Improving SELinux <--> user interaction on Fedora - Kerneloops for SELinux



On Fri, 2008-07-18 at 00:07 +0300, Ahmed Kamal wrote:
> - Autofix seems like a good idea
> - Perhaps Exempt button should only appear, if AutoFix doesn't work
> (not sure how to detect that)
> - To avoid a system user clicking Exempt, perhaps Exempt should only
> exempt the application only this time. i.e., when the application is
> launched again, it will generate a selinux warning again. That way,
> the user still reports the issue to get it properly fixed, but at the
> time, has the tools to get his work done and his apps running when he
> needs them
> 

NO NO NO ... DOING IT WRONG.

Don't ever ask the user for this kind of info, it would be better to go
ping a remote server and download a newer policy than ask the user.

The user is not going to have a freaking clue wtf exempting means.

Didn't you guys see the Mac vs Windows ADs on TV?

kerneloops does it right, opt in, send somewhere useful, next step if
somewhere useful has seen the AVC and we knows its safe, maybe send
something back saying continue and ignore, but don't involve the user in
the mess other than asking for opt-in.

Dave.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]