Red Hat Bugzilla – Bug 193457
FutureFeature - Better integration between selinux and firewall config in system-config-securitylevel
Last modified: 2007-11-30 17:11:34 EST
Description of problem:
Not a bug but a feature request.
The specific situation that I encountered is summarized by a *rant* I posted on
fedoraforum.org. I realize that it is fairly sarcastic, but I think it
effectively illustrates the point I am trying to make so I will quote it here.
SELinux integration with Fedora tools appears to be non-existent.
I expect that when I use the "Samba" administration tool and set up a share to
be accessible to everyone on my local LAN (or even the default user share) that
will work. But no.
So. I use the "Administration -> Security Level and Firewall" tool and check
"Samba" as a trusted service. Nope. My server says to me, "You can see the
shares, but you may not access them. Ha-ha, loser."
After much messing around with smb.conf, smbpasswd, and various other things I
finally decide to disable selinux. Then my server says to me, "*bing* Enjoy
using your samba shares! I love you."
So it seems I now need to read up on and fully understand selinux in order to
share files with Samba. This is a less than ideal situation. Imagine I was less
persistent and talented. The average user, or for that matter the average
sysadmin, would have given up and installed Suse or something else that lets its
admin tools do what they purport to do.
Basically it's the fact that both of these systems "Firewall" and "SELinux"
coexist in the same administration tool, but there is no awareness within the
tool about how modifications on one side might require modifications on the
other side in order to work as the administrator intends.
Thanks for listening.
The SELinux configuration options in s-c-sl for SELinux were reduced for F7 and
will be completely gone for F8. There is a new configuration tool for SELinux:
system-config-securitylevel. F8 will also have a new firewall configuration
I do not agree that there are interactions between the firewall and SELinux -
these are completely different things.
Closing as "NOT A BUG".