Description of problem: If we really want our end users to have good experience with selinux running we need to add several things to setroubleshoot... A) Simplify the reports with an "Detail" button for us techies. B) Add a "Report" button that would file a selinux report to bugzilla. ( Team Anconda has done this so the code is there just needs to be integrated I think. ) C) Add "Allow access" button that would execute the fix that setroubleshoot recommends upon the end user provides the root password. The users going to do it anyway so why not make it easer for him to do so if he has the root password instead of having him open a terminal have the report open and type in what's being recommended. users that dont have the root password could "Report" the issue. D) Add a "Fix" button that automatically restores the default system file context. upon user providing the root password of course. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
These are all good suggestions. FWIW, suggestion C is already implemented but it's disabled by default. You can enable by edit the config file: /etc/setroubleshoot/setroubleshoot.cfg and setting the parameter run_fix_cmd_enable to True.
Any reason why it cant be enabled for F10Final ?
Yes it is very dangerous, and would require a security overview.
Fixed in setroubleshoot-2.2.52-1.fc12