Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1180524

Summary: confining users section unclear
Product: [Retired] Fedora Documentation Reporter: Nikos Mavrogiannopoulos <nmavrogi>
Component: selinux-user-guideAssignee: Jaromir Hradilek <jhradile>
Status: CLOSED EOL QA Contact: Fedora Docs QA <docs-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: develCC: bancinco, mprpic, reklov, zach
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1292446 (view as bug list) Environment:
Last Closed: 2019-11-07 15:29:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1292446    

Description Nikos Mavrogiannopoulos 2015-01-09 11:05:53 UTC 
The section 6 (confining users) in Fedora 21 documentation of SELinux is very unclear.

1. What does confining mean actually? How are they confined? What capabilities these user lose? These are crucial information, never discussed in the text.

2. In fedora with "seinfo -u" I see several selinux users. These, along with the limitation each has, are never discussed.

3. "6.5. xguest: Kiosk Mode": I miss some technical info on the restrictions of the xguest account. What that user can't do and what can it do. Without that information the text could just say, trust us we've done everything for you (nothing bad with it, except that in technical documentation you expect more).

4. I miss a "confining a server process/app" section. This is a very common usage for selinux but no information is provided about that at all. Can I put some server in a confined state, as the documentation discusses with the user? Do we provide some preconfigured selinux users, roles, types for that purpose? What about the sandbox tool we ship? That would be the information I'd expect from such a section.
Comment 1 Nikos Mavrogiannopoulos 2015-11-30 15:38:25 UTC 
When this will be addressed?
Comment 2 Bara Ancincova 2015-12-03 08:36:25 UTC 
Hi Nikos, 

sorry for the delay. I started working on a different project and even though I still maintain Red Hat SELinux docs (and also Fedora docs) the other project has higher priority. However, since you escalated this I do my best to address this issue as soon as possible.

Bara
Comment 3 Nikos Mavrogiannopoulos 2015-12-04 10:38:49 UTC 
Thank you Barbora.
Comment 4 Petr Bokoc 2019-11-07 15:29:53 UTC 
I'm closing this bug as part of a Bugzilla cleanup effort. The most likely reason is that the bug has been opened either against a component we no longer publish, or against Release Notes for an EOL release.