Bug 147915
Summary: | SELinux FAQ - Anaconda defaults are good enough for most users, note at top | ||
---|---|---|---|
Product: | [Fedora] Fedora Documentation | Reporter: | Karsten Wade <kwade> |
Component: | selinux-faq | Assignee: | Chad Sellers <csellers> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Tammy Fox <tammy.c.fox> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | devel | Keywords: | FutureFeature |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://fedora.redhat.com/docs/selinux-faq-fc3/ | ||
Whiteboard: | |||
Fixed In Version: | 1.5.6 | Doc Type: | Enhancement |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-04-28 22:05:24 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 118757 |
Description
Karsten Wade
2005-02-12 19:09:44 UTC
Reassigning to other FAQ writer for review, should this bit be included in the FAQ? I'm not sure what you're thinking about including on the FAQ. Would this be a blurb at the top that says "you probably don't need to know most of the stuff on this FAQ"? Or perhaps are you talking about fairly generic FAQ entry that says most problems can be solved by relabeling or booleans, and you probably don't need to write policy? The picture has changed somewhat since then, so your second approach seems to make sense. I think this was more along the lines of putting s Note at the top: "SELinux Will Not Eat Your Brane Despite what you may have heard, SELinux default configuration should work just fine for most of your needs. For system administrators, it is another security service, and that is where this FAQ is helpful." There was, at that time, I felt a reputation that an OOTB installation had to be tweaked somehow. The 12 services covered in the targeted policy were mostly rock solid, and it was only people running e.g. Apache + PHP who had problems. In other words, not most desktop users. Anyway, the idea could be now to give non-system administrator users pointers at the easy answers (relabeling, booleans) and that they just don't need to worry about policy and other heavy stuff unless they are administrating systems or developing software packages. Added new FAQ entry for configuring an SELinux system. I believe this addresses this bz. |