Bug 468842

Summary: [RFE] Enhance user experience with SElinux.
Product: [Fedora] Fedora Reporter: Jóhann B. Guðmundsson <johannbg>
Component: setroubleshootAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: dwalsh, jdennis, mgrepl
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-01-19 21:05:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jóhann B. Guðmundsson 2008-10-28 11:11:28 UTC 
Description of problem:

If we really want our end users to have good experience with selinux running
we need to add several things to setroubleshoot...

A) 

Simplify the reports with an "Detail" button for us techies.

B) 

Add a "Report" button that would file a selinux report to bugzilla.
( Team Anconda has done this so the code is there just needs to be 
integrated I think. )

C)

Add "Allow access" button that would execute the fix that setroubleshoot recommends upon the end user provides the root password.     
The users going to do it anyway so why not make it easer for him 
to do so if he has the root password instead of having him open 
a terminal have the report open and type in what's being recommended. 
users that dont have the root password  could "Report" the issue.

D) 

Add a "Fix" button that automatically restores the default system file context.
upon user providing the root password of course.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 John Dennis 2008-10-28 12:26:54 UTC 
These are all good suggestions. FWIW, suggestion C is already implemented but it's disabled by default. You can enable by edit the config file:

/etc/setroubleshoot/setroubleshoot.cfg

and setting the parameter run_fix_cmd_enable to True.
Comment 2 Jóhann B. Guðmundsson 2008-11-10 16:57:16 UTC 
Any reason why it cant be enabled for F10Final ?
Comment 3 Daniel Walsh 2008-11-10 19:03:22 UTC 
Yes it is very dangerous, and would require a security overview.
Comment 5 Daniel Walsh 2010-01-19 21:05:58 UTC 
Fixed in setroubleshoot-2.2.52-1.fc12