Bug 468842 - [RFE] Enhance user experience with SElinux.
[RFE] Enhance user experience with SElinux.
Product: Fedora
Classification: Fedora
Component: setroubleshoot (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2008-10-28 07:11 EDT by Jóhann B. Guðmundsson
Modified: 2010-01-19 16:05 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-01-19 16:05:58 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jóhann B. Guðmundsson 2008-10-28 07:11:28 EDT
Description of problem:

If we really want our end users to have good experience with selinux running
we need to add several things to setroubleshoot...


Simplify the reports with an "Detail" button for us techies.


Add a "Report" button that would file a selinux report to bugzilla.
( Team Anconda has done this so the code is there just needs to be 
integrated I think. )


Add "Allow access" button that would execute the fix that setroubleshoot recommends upon the end user provides the root password.     
The users going to do it anyway so why not make it easer for him 
to do so if he has the root password instead of having him open 
a terminal have the report open and type in what's being recommended. 
users that dont have the root password  could "Report" the issue.


Add a "Fix" button that automatically restores the default system file context.
upon user providing the root password of course.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 John Dennis 2008-10-28 08:26:54 EDT
These are all good suggestions. FWIW, suggestion C is already implemented but it's disabled by default. You can enable by edit the config file:


and setting the parameter run_fix_cmd_enable to True.
Comment 2 Jóhann B. Guðmundsson 2008-11-10 11:57:16 EST
Any reason why it cant be enabled for F10Final ?
Comment 3 Daniel Walsh 2008-11-10 14:03:22 EST
Yes it is very dangerous, and would require a security overview.
Comment 5 Daniel Walsh 2010-01-19 16:05:58 EST
Fixed in setroubleshoot-2.2.52-1.fc12

Note You need to log in before you can comment on or make changes to this bug.