A Modest Suggestion to make SElinux usable.

[max]

On Sun, May 31, 2009 at 12:21:07AM -0700, Chuck Forsberg WA7KGX N2469R wrote:
> Add a menu choice to the SElinux avc denial popup
> that tells SElinux: "Let it do that".
>
SELinux needs a lot of things but an allow button is not one of them. A better idea would be to use the recently created sandbox feature instead, offering to run the application in a generic sandbox, this way it may run without incident but you can be reasonably sure it isn't grossly violating policy. 

Of course the sandbox doesn't support X apps yet so it may or may not work but its better than just allowing according to setroubleshoot. Really RPM (package kit or whatever) should sandbox all applications upon installation that do not have policy in place or at least offer the option but undoubtedly people would complain about that feature. 



-- 
So finally one day, God answers me. "Persistent one aren't we?...Fine, name thatwhich you'd like to know."

"Everything that I don't." I replied. It was the first time I ever heard a smile.