Bug 147915 - SELinux FAQ - Anaconda defaults are good enough for most users, note at top
Status: CLOSED CURRENTRELEASE
Product: Fedora Documentation
Classification: Fedora
Component: selinux-faq
devel
All Linux
medium Severity medium
Assigned To: Chad Sellers
Tammy Fox
http://fedora.redhat.com/docs/selinux...
Keywords: FutureFeature
Blocks: 118757
Reported: 2005-02-12 14:09 EST by Karsten Wade
Modified: 2007-04-18 13:19 EDT (History)
Fixed In Version: 1.5.6
Doc Type: Enhancement
Last Closed: 2006-04-28 18:05:24 EDT


Description Karsten Wade 2005-02-12 14:09:44 EST
<quaid> IMO, most users of FC3 won't need to know anything more than
how to use chcon
<quaid> I mean, I know waaay more than that, and I don't even use
chcon on my laptop.
<quaid> it's more of an administrator thing to think about, which is
why it's on by default in FC3/4 and RHEL 4, because Red Hat and Fedora
think of it as a best practice.
<quaid> once upon a time RH was known for stupidly leaving services on
at install time.
<quaid> I believe that rep is no longer deserved, for the most part :)
<quaid> the defaults that Anaconda offers are 'good enough' for most
users,
<quaid> maybe I need to say something like this at the top of the
Fedora SELinux FAQ
* quaid files a bug for himself



  selinux-faq-1.3-8 (2005-01-20-T16:20-0800)
Comment 1 Karsten Wade 2005-12-27 20:34:09 EST
Reassigning to other FAQ writer for review, should this bit be included in the FAQ?
Comment 2 Chad Sellers 2006-04-20 13:39:09 EDT
I'm not sure what you're thinking about including on the FAQ. Would this be a
blurb at the top that says "you probably don't need to know most of the stuff on
this FAQ"? Or perhaps are you talking about a fairly generic FAQ entry that says
most problems can be solved by relabeling or booleans, and you probably don't
need to write policy?
Comment 3 Karsten Wade 2006-04-20 17:57:23 EDT
The picture has changed somewhat since then, so your second approach seems to
make sense.  I think this was more along the lines of putting a Note at the top:

"SELinux Will Not Eat Your Brane

Despite what you may have heard, SELinux default configuration should work just
fine for most of your needs.  For system administrators, it is another security
service, and that is where this FAQ is helpful."

There was, at that time, I felt, a reputation that an OOTB installation had to be
tweaked somehow.  The 12 services covered in the targeted policy were mostly
rock solid, and it was only people running e.g. Apache + PHP who had problems. 
In other words, not most desktop users.

Anyway, the idea could be now to give non-system administrator users pointers at
the easy answers (relabeling, booleans) and that they just don't need to worry
about policy and other heavy stuff unless they are administrating systems or
developing software packages.
Comment 4 Chad Sellers 2006-04-28 12:52:15 EDT
Added new FAQ entry for configuring an SELinux system. I believe this addresses
this bz.
