The section 6 (confining users) in Fedora 21 documentation of SELinux is very unclear. 1. What does confining mean actually? How are they confined? What capabilities these user lose? These are crucial information, never discussed in the text. 2. In fedora with "seinfo -u" I see several selinux users. These, along with the limitation each has, are never discussed. 3. "6.5. xguest: Kiosk Mode": I miss some technical info on the restrictions of the xguest account. What that user can't do and what can it do. Without that information the text could just say, trust us we've done everything for you (nothing bad with it, except that in technical documentation you expect more). 4. I miss a "confining a server process/app" section. This is a very common usage for selinux but no information is provided about that at all. Can I put some server in a confined state, as the documentation discusses with the user? Do we provide some preconfigured selinux users, roles, types for that purpose? What about the sandbox tool we ship? That would be the information I'd expect from such a section.
When this will be addressed?
Hi Nikos, sorry for the delay. I started working on a different project and even though I still maintain Red Hat SELinux docs (and also Fedora docs) the other project has higher priority. However, since you escalated this I do my best to address this issue as soon as possible. Bara
Thank you Barbora.
I'm closing this bug as part of a Bugzilla cleanup effort. The most likely reason is that the bug has been opened either against a component we no longer publish, or against Release Notes for an EOL release.