Bug 193457 - FutureFeature - Better integration between selinux and firewall config in system-config-securitylevel
FutureFeature - Better integration between selinux and firewall config in sys...
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
Depends On:
  Show dependency treegraph
Reported: 2006-05-29 01:48 EDT by Robert Morrison
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-06-05 09:12:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Robert Morrison 2006-05-29 01:48:54 EDT
Description of problem:

Not a bug but a feature request.

The specific situation that I encountered is summarized by a *rant* I posted on
fedoraforum.org.  I realize that it is fairly sarcastic, but I think it
effectivily illustrates the point I am trying to make so I will quote it here.

SELinux integration with Fedora tools appears to be non-existent.

I expect that when I use the "Samba" administration tool and set up a share to
be accessible to everyone on my local LAN (or even the default user share) that
will work. But no.

So. I use the "Administration -> Security Level and Firewall" tool and check
"Samba" as a trusted service. Nope. My server says to me, "You can see the
shares, but you may not access them. Ha-ha, loser."

After much messing around with smb.conf, smbpasswd, and various other things I
finally decide to disable selinux. Then my server says to me, "*bing* Enjoy
using your samba shares! I love you."

So it seems I now need to read up on and fully understand selinux in order to
share files with Samba. This is a less than ideal situation. Imagine I was less
persistent and talented. The average user, or for that matter the average
sysadmin, would have given up and installed Suse or something else that lets its
admin tools do what they purport to do.


Basically it's the fact that both of these systems "Firewall" and "SELinux"
coexist in the same administration tool, but there is no awareness within the
tool about how modifications on one side might require modifications on the
other side in order to work as the administrator intends.

Thanks for listening.
Comment 1 Thomas Woerner 2007-06-05 09:12:32 EDT
The SELinux configuration options in s-c-sl for SELinux was reduced for F7 and
will be completely gone for F8. There is a new configuration tool for SELinux:
system-config-securitylevel. F8 will also have a new firewall configuration
tool: system-config-firewall.

I do not agree, that there are interactions between the firewall and SELinux -
these are completely different things.

Closing as "NOT A BUG".

Note You need to log in before you can comment on or make changes to this bug.