Another selinux rant
John Dennis
jdennis at redhat.com
Mon Jan 7 19:47:48 UTC 2008
Ralf Corsepius wrote:
> * Is it appropriate to inform arbitrary ordinary users about SELinux
> issues? Maybe this on single user/non-networked machines, but I don't
> think this is the right concept for a networked environment in which
> "ordinary user" normally isn't the system admin.
This is why setroubleshoot was designed to operate in a distributed
network mode. At the time of setroubleshoot's initial release it was
felt this was a corner case, that the most likely users of the tool would
be developers and technically astute users, both running locally. The
distributed aspects of the tool were never promoted, although they
continue to reside in the code.

In fairness, the networked facilities need some enhancements to make them
fully viable. For instance, the network traffic is not encrypted, a
critical feature when transmitting security-sensitive data, and it needs
to be fronted by a more robust authentication mechanism.
--
John Dennis <jdennis at redhat.com>