Useless setroubleshoot alerts

Konstantin Ryabitsev icon at
Tue Dec 8 13:29:29 UTC 2009

>From the point of view of security usability, this is cardinal sin:

If we start the warning message with "SELinux has detected suspicious
behaviour on your system" and end it with "You can safely ignore this
avc," then we are doing everyone a nasty disservice. Please, let's fix
it as soon as possible. I understand the need for SELinux to log
things purely for auditing purposes, but the user must NOT see those
alerts, or we'll condition everyone to just dismiss them.

I'm fairly certain this is a bug, but I've not yet bz'd it, as I
wanted to make sure that this is not "intended behaviour."

McGill University IT Security
Konstantin Ryabitsev
Montréal, Québec

More information about the fedora-devel-list mailing list