Another selinux rant
Jason L Tibbitts III
tibbs at math.uh.edu
Tue Jan 8 00:24:53 UTC 2008
>>>>> "JD" == John Dennis <jdennis at redhat.com> writes:
JD> This is why setroubleshoot was designed to operate in a
JD> distributed network mode. At the time of setroubleshoot's initial
JD> release it was felt this was a corner case, that the most likely
JD> user of the tool would be developers and technically astute users
JD> both running locally. The distributed aspects of the tool were
JD> never promoted, although they continue to reside in the code.
Well, I for one would be happy to run a local server so that I can
keep an eye on selinux issues on the desktops here. I've been
cautiously rolling selinux out on user desktops and try to run it on
servers whenever I can (which is becoming much more often as I
understand more about how it works) but the only way I know there are
issues is if something explicitly breaks or by reading logwatch
reports.
Of course, my users should never see any kind of setroubleshoot
applet; they have no idea what it would mean and they don't have
privileges to make changes anyway.
- J<
More information about the fedora-devel-list
mailing list