Proposal: Improving SELinux <--> user interaction on Fedora - Kerneloops for SELinux

Arthur Pemberton pemboa at gmail.com
Tue Jul 22 16:42:35 UTC 2008


2008/7/22 David Nielsen <gnomeuser at gmail.com>:
>
>
> 2008/7/22 max <maximilianbianco at gmail.com>:
[ snip ]
>> Don't implement it or if you do make that nonsense optional and not the
>> default. Everyone wants things to be simpler, there is no easy way out.
>> System security is not something simple.  Developers continue to indulge in
>> running permissive or turning SELinux off entirely, all this accomplishes is
>> to make it take longer to establish good policy, SELinux isn't going
>> anywhere. People need to get used to it. There are a number of tools
>> available to troubleshoot any issue but nobody seems to want to use any of
>> them. The kerneloops for SELinux is a good idea but it isn't going to
>> instantly solve anyone's problems. All those reports still have to be sorted
>> and reviewed to determine how to fix policy to suit the majority of users,
>> it still may take weeks to sort it all out. People often are not even trying
>> the fixes suggested by SETroubleshoot. SETroubleshoot does a good job of
>> suggesting fixes. Audit2allow is great for this until upstream can figure
>> out how to work it out. All this talk of allow/deny buttons is absolute
>> insanity and it will ruin one of the few useful security tools that exist.
>
> Any suggested solution that starts with "open a terminal" scares users,
> additionally if they are required to be root in said terminal I would
> hesitate to guess that we lose everyone except a bare minimum of users when
> looking at the big picture

While I understand this sentiment, no one in this thread has suggested
this as a solution.


> my mother surely should not be asked to do
> this, the mere thought of her with the root password in hand terrifies me

In this regard, Ubuntu's use of sudo is useful


> add to that firing off random commands she has no idea what they do - it's a
> wonder Hollywood has yet to make a blockbuster horror movie following this
> plot.

Again, no one in this thread has suggested this.


> In terms of what SELinux does currently, it's an improvement over the
> older releases but it's still far from being something I would let my mother
> tinker with - and the policy currently has plenty of holes in terms of what
> an average user might do, just the other day I discovered SELinux utter fail
> when plugging in my iPod (this was fixed within days of being filed and as I
> recall an update was pushed soon thereafter, so the response is generally
> good but that is still some 2 weeks where aunt tilly can't use her iPod).

Fair enough. We can't do everything for the sake of aunty tilly though.


> Should asking the user to drop to a terminal as root and issue commands
> really be our first line of defence? I certainly hope not. We really need
> to be more proactive in gathering failures instead of relying on the user to
> patch up the policy with mysterious cli magic.

What are you responding to?


-- 
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )
