Useless setroubleshoot alerts

Christopher Brown snecklifter at gmail.com
Wed Dec 9 13:34:45 UTC 2009


2009/12/8 Konstantin Ryabitsev <icon at fedoraproject.org>:
> From the point of view of security usability, this is a cardinal sin:
>
> http://file.status.net/identica/tieguy-20091208T063036-ngc2rhp.png
>
> If we start the warning message with "SELinux has detected suspicious
> behaviour on your system" and end it with "You can safely ignore this
> avc," then we are doing everyone a nasty disservice. Please, let's fix
> it as soon as possible. I understand the need for SELinux to log
> things purely for auditing purposes, but the user must NOT see those
> alerts, or we'll condition everyone to just dismiss them.
>
> I'm fairly certain this is a bug, but I've not yet bz'd it, as I
> wanted to make sure that this is not "intended behaviour."

If it is then it is proof of insanity. I shy away from any "Yet
Another SELinux Rant" type stuff but this is plain ridiculous. I had
Gnome-terminal up this morning and was shelled into a remote box.
That's it. Then I got a warning of the above - something to do with
bash and prelink. Couldn't care less really.

The end result is me disabling SELinux on my box. Sorry, I don't have
time or inclination to file a bug on this constant irritant ever since
it was introduced as nobody seems to take notice. Instead I'm asked
to:

# chcon_text_rel_slib insert_irritating_long_option_here
add_some_random_characters_for_good_measure_}{)(&)(*^&^$%$"1

or something. SELinux was quite good on F11 and F12. Now it would seem
it is starting to regress again.

</rant>

-- 
Christopher Brown



