SELinux on Fedora 17 - troubles, troubles, troubles, ...
On 19.07.2012 11:40, Gilboa Davara wrote:
> On Thu, Jul 19, 2012 at 12:24 PM, Mateusz Marzantowicz
> <firstname.lastname@example.org> wrote:
>> Why is using of SELinux on Fedora (I don't have experience with other
>> distros) so painful from a regular user perspective?
>> I'm talking about situation in which after installing stock packages and
>> "just running" applications I'm spending more time with SELInux Alert
>> Browser than any other system management utility.
>> You'd probably say that it's my fault, that I messed up with selinux
>> settings (yes, I confess, I've enabled samba sharing on some of my
>> directories under home but I've done this based on official Wiki) but
>> actually I only followed instructions from alert browser. I've applied
>> custom policies for one or two files that I then removed after one or
>> two hours.
>> I think that right now my system is as secure as with selinux disabled
>> because of all that modification that I've made. I'm not an idiot but I
>> really can't track all security policies that are active in my desktop
>> system used for daily work.
>> Do I really need to became security expert specialized in SELInux to use
>> my system? I started reading about selinux design and configuration but
>> I think it's a waste of time. My current selinux problem is caused by
>> systemd-tmpfiles trying to cleanup my /tmp dir where I copied some files
>> from home directory to play with and ... left them for automatic
>> cleanup. Solution is obvious - remove files form /tmp manually but then
>> autoremover mechanism provided by Fedora is redundant.
>> Is there a chance that someday users will use selinux without even
>> noticing it's installed?
> You do understand that ranting (as opposed to reporting bugs / sending
> fixes / etc) will get you nowhere, right?
> - Gilboa
I also do understand that reporting a bug for each problem with selinux
I encounter in my system isn't going anywhere too. I'd also like to use
this valuable security mechanism.
My original intention was to ask people on the list how do they deal
with selinux policy mess in their systems which is obvious, they have in
their configs after using Fedora for more than a month. Maybe it's about
finding "the path" or just right management tools which I'm missing.
Currently my knowledge of selinux isn't that big as yours so I couldn't
simply differentiate between my fault and selinux policy bug. I also
think that users shouldn't be forced to know that kind of things.
users mailing list
To unsubscribe or change subscription options:
Have a question? Ask away: http://ask.fedoraproject.org