Useless setroubleshoot alerts
Konstantin Ryabitsev
icon at fedoraproject.org
Tue Dec 8 13:29:29 UTC 2009
>From the point of view of security usability, this is cardinal sin:
http://file.status.net/identica/tieguy-20091208T063036-ngc2rhp.png
If we start the warning message with "SELinux has detected suspicious
behaviour on your system" and end it with "You can safely ignore this
avc," then we are doing everyone a nasty disservice. Please, let's fix
it as soon as possible. I understand the need for SELinux to log
things purely for auditing purposes, but the user must NOT see those
alerts, or we'll condition everyone to just dismiss them.
I'm fairly certain this is a bug, but I've not yet bz'd it, as I
wanted to make sure that this is not "intended behaviour."
Regards,
--
McGill University IT Security
Konstantin Ryabitsev
Montréal, Québec
More information about the fedora-devel-list
mailing list