Proposal: Improving SELinux <--> user interaction on Fedora - Kerneloops for SELinux
Arthur Pemberton
pemboa at gmail.com
Thu Jul 17 21:20:56 UTC 2008
On Thu, Jul 17, 2008 at 4:07 PM, Ahmed Kamal
<email.ahmedkamal at googlemail.com> wrote:
> - Autofix seems like a good idea
> - Perhaps Exempt button should only appear, if AutoFix doesn't work
> (not sure how to detect that)
> - To avoid a system user clicking Exempt, perhaps Exempt should only
> exempt the application only this time. i.e., when the application is
> launched again, it will generate a selinux warning again. That way,
> the user still reports the issue to get it properly fixed, but at the
> time, has the tools to get his work done and his apps running when he
> needs them
While this doesn't avoid the Vistaesque problem, it may be a fair
compromise to consider.
One more issue however, is there any way to hide the unimportant
denials? There are some denials that have no observable side effects.
--
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )
More information about the fedora-devel-list
mailing list