Bug 193457

Summary: FutureFeature - Better integration between selinux and firewall config in system-config-securitylevel
Product: [Fedora] Fedora Reporter: Robert Morrison <rmorriso>
Component: system-config-securitylevelAssignee: Thomas Woerner <twoerner>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-06-05 13:12:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robert Morrison 2006-05-29 05:48:54 UTC 
Description of problem:

Not a bug but a feature request.

The specific situation that I encountered is summarized by a *rant* I posted on
fedoraforum.org.  I realize that it is fairly sarcastic, but I think it
effectivily illustrates the point I am trying to make so I will quote it here.

-----
SELinux integration with Fedora tools appears to be non-existent.

I expect that when I use the "Samba" administration tool and set up a share to
be accessible to everyone on my local LAN (or even the default user share) that
will work. But no.

So. I use the "Administration -> Security Level and Firewall" tool and check
"Samba" as a trusted service. Nope. My server says to me, "You can see the
shares, but you may not access them. Ha-ha, loser."

After much messing around with smb.conf, smbpasswd, and various other things I
finally decide to disable selinux. Then my server says to me, "*bing* Enjoy
using your samba shares! I love you."

So it seems I now need to read up on and fully understand selinux in order to
share files with Samba. This is a less than ideal situation. Imagine I was less
persistent and talented. The average user, or for that matter the average
sysadmin, would have given up and installed Suse or something else that lets its
admin tools do what they purport to do.

/rant
-----

Basically it's the fact that both of these systems "Firewall" and "SELinux"
coexist in the same administration tool, but there is no awareness within the
tool about how modifications on one side might require modifications on the
other side in order to work as the administrator intends.

Thanks for listening.
Comment 1 Thomas Woerner 2007-06-05 13:12:32 UTC 
The SELinux configuration options in s-c-sl for SELinux was reduced for F7 and
will be completely gone for F8. There is a new configuration tool for SELinux:
system-config-securitylevel. F8 will also have a new firewall configuration
tool: system-config-firewall.

I do not agree, that there are interactions between the firewall and SELinux -
these are completely different things.

Closing as "NOT A BUG".