Bug 503622 - automatic policy problem reporting
Summary: automatic policy problem reporting
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 11
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-06-01 23:21 UTC by Bill McGonigle
Modified: 2009-08-21 21:30 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-08-21 21:30:15 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Bill McGonigle 2009-06-01 23:21:59 UTC 
from a fedora-test discussion:

background:

AVC denial pop-ups annoy users.
Most don't understand them, fewer know about bugzilla, and fewer still know setroubleshoot or audit2allow.
We don't want to give them a quick way to eliminate the problem, as that desensitizes them to security alerts.
But we don't make it easy for them to file an issue either, even assuming they know to (most users would have no idea).

proposed solution:

The popup should have a 'Report this problem' button.

discussion:

This would be similar in spirit to anaconda's automated bug reporting.  I'm unfamiliar with its implementation, so I'm unaware if it makes sense to share infrastructure.

Talking directly to bugzilla might create too much load on the system, and it doesn't have the required smarts, so some middleware might be required.

If such a button lead to a dialog along the lines of:

-----------------------------------------
| Text of Problem___________________    |
|                                       |
| Additional comments:                  |
| -----------------------------------   |
| |                                ^|   |
| |                                v|   |
| -----------------------------------   |
|                                       |
| Optional information:                 |
| your e-mail adddress: [              ]|
| redhat bz password:   [              ]|
|                                       |
|                     [CANCEL] [SUBMIT] |
-----------------------------------------

then such a middleware piece could do things like find if there's already a duplicate bug, add cc's where a valid account exists, add to some sort of counter where an account does not exist (update a whiteboard field, perhaps?), possibly let non-account holders know when their issue is fixed in updates, etc.

There might be some benefit to creating signed messages to cut down on potential shenanigans; I haven't thought this through.  Perhaps anaconda folks have already solved this.

Anyway, something along these lines might help illuminate the top issues, give the users something constructive to do, and possibly speed up the cycle between problems being noticed to fixed through the update stream.

Anyway, I've outlined several ideas here, and am not a subject matter expert, so please adjust as needed and split off relevant task bugs as it makes sense.
Comment 1 Bug Zapper 2009-06-09 16:56:55 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 2 Daniel Walsh 2009-08-21 21:30:15 UTC 
Setroubleshoot features are now in rawhide.
Note You need to log in before you can comment on or make changes to this bug.