Another selinux rant

John Dennis jdennis at redhat.com
Mon Jan 7 19:47:48 UTC 2008


Ralf Corsepius wrote:
> * Is it appropriate to inform arbitrary ordinary users about SELinux
> issues? Maybe this on single user/non-networked machines, but I don't
> think this is the right concept for a networked environment in which
> "ordinary user" normally isn't the system admin.

This is why setroubleshoot was designed to operate in a distributed 
network mode. At the time of setroubleshoot's initial release it was 
felt this was a corner case, that the most likely user of the tool would 
be developers and technically astute users both running locally. The 
distributed aspects of the tool were never promoted, although they 
continue to reside in the code.

In fairness, the networked facilities need some enhancements to make them 
fully viable. For instance, the network traffic is not encrypted, a 
critical feature when transmitting security-sensitive data, and it needs 
to be fronted by a more robust authentication mechanism.

-- 
John Dennis <jdennis at redhat.com>



