From Fedora Project Wiki

< FWN

Line 141: Line 141:


[2] Latin-American Fedora Ambassadors
[2] Latin-American Fedora Ambassadors
=== SELinux Eats Babies, Confines Wives, Gives Birth ===
JonMasters plunged[1] his head into the lion's mouth with a request to "re-add" the option to disable SELinux (or change to permissive mode) during or shortly after installation of the OS. His reasons included the apparent random breaking of currently working applications due to policy changes and the lack of support via gnome-vfs for relabeling of files to fix context problems. He finished off by claiming that "unsuspecting Desktop users" should not have something as complex as SELinux forced on them without an easy way to disable it.
1. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00059.html
Jon's examples of stuff that broke included attempting to use an ISO in ''virtmanager'' and running vpnc. He was at pains to point out that he had been running SELinux in "enforcing" for a long time and that he was reporting these problems because he thought that average "Desktop" users would be unable to use ''chcon'' to fix them.
Responses mostly emphasized that Jon was far from a typical user. SimoSorce argued[2] that, as a fellow developer, he had learned to expect labeling problems due to his non-standard usage and also how to fix them including changing policy for some of his commonly used packages. He noted that DanWalsh was very helpful in this regard. A brief discussion between SethVidal and MatthiasClasen suggested[2a] that ''nautilus'' has been fixed in rawhide to allow the labelling of files through gnome-vfs via the right-click "properties" dialog.
2. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00081.html
2a. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00088.html
DanWalsh wrote a detailed response[3] in which he commented that Jon had run ''vpnc'' from the command-line instead of from ''NetworkManager'', this latter being standard usage. Dan thought that this contradicted Jon's claim that this problem would be typically faced by an ordinary desktop user without access to, or knowledge of, ''chcon''. He further argued that the ''virt-manager'' problem was unlikely to be faced by such desktop users and went on to explain that "libvirtd is not unconfined whereas running qemu as a user is unconfined. Running qemu from libvirtd is still confined and is fixed by correct labeling. Hopefully the virt-manager people will assign an appropriate context at creation time, and/or default virtual machines to /var/lib/libvirt/images where they will be labeled correctly automatically."
3. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00127.html
Dan then commented that Desktop users are currently only confined with respect to executable memory checks in order to stop poorly written programs offering a means to execute buffer overflows. The use of PolicyKit, HAL and D-BUS to improve the user's desktop experience by running applications as root was mentioned by Dan as a further arena in which user confinement was necessary in order to prevent root exploits. He alluded to his recent presentations (e.g. [4],[5]) on confining users on Fedora 9 and rawhide as ways in which user types can be confined in customized ways to prevent such problems.
4. http://www.redhatmagazine.com/2008/07/02/writing-policy-for-confined-selinux-users/
5. http://danwalsh.livejournal.com/11913.html
DanielBerrange added[6] that the ''libvirt'' problem should be permanently fixed in Fedora 10 due to new storage management capabilities.
6. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00128.html
Much of the rest of the discussion focused on the general problem of whether or not it was appropriate to offer uneducated users the option to disable intrinsic security. JesseKeating and AlanCox[7] thought that a lack of knowledge precluded a meaningful choice and JamesMorris agreed[8], and referenced BruceSchneier on risk evaluation and security. He concluded that "Punting the decision to the end user during installation is possibly the worst option. It's our responsibility as the developers of the OS to both get security right and make it usable. It's difficult, indeed, but not impossible."
7. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00073.html
8. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00091.html
ColinWalters added[9] his voice to the chorus of those that believed that it was inappropriate to offer such options during installation. He suggested that ''system-config-selinux'' post-installation was available for those that really needed it and that the paths to solve this problem were not restricted to a binary "enabled or disabled by default" but included other possibilities such as: rawhide defaults to permissive; automatic reporting of denials to the Fedora developers; shifting more objects into unconfined_t in the default while confining network-facing services; and finally, using a regression test suite to ensure updates are not problems. Jon was largely in agreement[10] and again wanted to emphasize that he was appreciative of both Dan's rapid fixing of problems and the usefulness of SELinux itself, but he thought that the "tuning down of default policy" was the best option to enable "Desktops where people can just get stuff done." AlanCox did not buy this[11] and argued that no progress would be made without exposing us all to the problems which would then get fixed. He likened the discussion to the years-old one which had taken place concerning firewalls being enabled by default: "Sorry if I sound fed up of all of this but I spent 9 months fighting people years back to get firewalling enabled by default, and that had all the same arguments. Today nobody (even Microsoft) would propose otherwise." Alan added that ''setroubleshoot'' should be a bit more user friendly.
9. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00072.html
10. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00075.html
11. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00099.html
Apparent agreement on this last point exposed a further problem with several posters suggesting[12],[13] that a Windows Vista-like prompt to run a program which had been flagged as dangerous would be useful. SimoSorce and AndrewFarris highlighted[14],[15] the potential flaw of such an approach. SurenKarapetyan argued[16] that he and others were capable of making an informed choice to disable SELinux and that Fedora was becoming increasingly restricted in such freedoms. SimoSorce retorted[17] that re-adding the "disable SELinux" option during installation was wrong from a usability perspective and that if was both selfish and incompetent for Fedora developers to simply disable SELinux instead of dogfooding it. Suryen referenced Smolt statistics to bolster his case and argued that it was wrong to decide "for the user" what to do. AlanCox responded[18] that such statistics were meaningless because it was impossible to know how many of the users disabling SELinux had made an informed, correct choice.
12. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00101.html
13. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00117.html
14. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00124.html
15. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00125.html
16. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00184.html
17. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00187.html
18. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00221.html
Several other posters expressed frustration with the repetition of such objections to SELinux and there the thread would have lain, flogged senseless except that StewartAdam volunteered[19] to help write an "setroubleshoot" plugin that "allowed users to report audit denials similar to how kerneloops does. setroubleshoot then bridges the gap between new users and fixing the policy, and it could be done with stats to see what areas need work on. Naturally it would only report the denials the user requests to be submitted, so no "calling home" stuff." This proposal seemed to draw general approval[20],[21].
19. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00131.html
20. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00142.html
21. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00137.html

Revision as of 04:06, 7 July 2008

Fedora Weekly News Issue 133

Welcome to Fedora Weekly News Issue 133 for the week ending July 5, 2008.

http://fedoraproject.org/wiki/FWN/Issue133

If you are interested in contributing to Fedora Weekly News, please see our 'join' page. Being a Fedora Weekly News beat writer gives you a chance to work on one of our community's most important sources of news, and can be done in only about 1 hour per week of your time.

We are still looking for beat writers to summarize the Fedora Events and Meetings that happened during each week.

http://fedoraproject.org/wiki/NewsProject/Join


Planet Fedora

In this section, we cover the highlights of Planet Fedora - an aggregation of blogs from Fedora contributors worldwide.

http://planet.fedoraproject.org

Contributing Writer: Max Spevack

Func and Certmaster 0.20 Released

Michael DeHaan announced on his blog[1] that Func and Certmaster have both just seen new releases.

"This showcases significantly improved asynchronous support as well as the future of Funcweb. We should also have multi-overlord delegation for extra-large (read: global) setups implemented pretty soon. More releases short start following at greater frequency."

He also included links to the official project pages, for anyone who desires more information.

[1] http://www.michaeldehaan.net/?p=645

Transifex receives some updates

Diego Búrigo Zacarão wrote on his blog about two improvements to Transifex.

"We have a quite stable version of Transifex using:

   * SQLAlchemy 0.4.6
   * Genshi 0.5
   * ToscaWidgets 0.9.2
   * TurboGears 1.0.4.4"[1]

Also, i18n support in Transifex has been split into two different potfiles[2]. "All strings related with the source code will be stored in the 'po/view/' directory and strings coming from database, into the 'po/data/'."

[1] http://diegobz.net/2008/06/30/transifex-using-sqlalchemy-genshi-and-toscawidgets-is-ready/

[2] http://diegobz.net/2008/06/30/transifex-i18n-support-splitted-into-two-different-potfiles/

Inkscape tutorials

Ryan Lerch has posted three new Inkscape tutorials on his blog[1].

"After a month or so of laziness, i have finally updated the inkscape tutorials blog with 3 fresh tutorials for all to try!"

[1] http://ryanler.wordpress.com/2008/07/02/fresh-inkscape-tutorials-at-the-inkscape-tutorials-blog/

New Fedora business cards

Ian Weller has been working on a new design for Fedora business cards[1].

"List of changes:

   * Added “infinity | freedom | voice” to front
   * Added “fedoraproject.org” to front
   * Removed GPG key fingerprint
   * Moved Fedora logo to top and inverse on blue bar
   * Created blue bars at top and bottom
   * Removed back"

[1] http://ianweller.org/2008/07/01/fedora-business-cards-take-two.html

Bug Triage meeting

John Poelstra wrote on his blog[1]:

"Our weekly bug triage meeting hasn't happened for several weeks and we'd like to resume them again. Some of us were tied up with other things and some people were unable to make the time. Also after having a few meetings with one or two people it seemed unclear how best to proceed.

So... we know there are a lot of people interested in bug triage but past meeting attendance hasn't been good so we'd like to try and fix that. At least two or three people sign up for the 'fedorabugs' group every day so there is a disconnect there somewhere we need to fix. And if you think weekly meetings aren’t the way to go and there is a better way to proceed please put it forward."

[1] http://poelcat.wordpress.com/2008/06/30/bug-triage-meeting/

Marketing

In this section, we cover the Fedora Marketing Project.

http://fedoraproject.org/wiki/Marketing

Contributing Writer: Pascal Calarco

Fedora 9 & KDE 4 review

Rahul Sundaram forwarded [1] a recent review of Fedora 9 with KDE 4 [2], which summarized, "[w]e recommend Fedora 9 and the KDE that comes with it, not to the average user, people switching to Fedora or to Linux itself for that matter, but to past Fedora and KDE users, that would like to play around with the latest and greatest to the Fedora Linux distribution."

[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00016.html [2] http://www.inatux.com/blog

Acer's Linpus Linux Lite Features Fedora

Rahul Sundaram forwarded a review of Acer's new ultraportable, who's operating system is based on Fedora 8. The article notes, "Fedora has managed to avoid shabby deals with Microsoft and playing fast and loose with Kernel source code and the GPL. At last, a version of GNU/Linux on an ultra portable you can use with a clear conscience."

[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00020.html [2] http://www.freesoftwaremagazine.com/columns/acers_linpus_linux_lite_ultra_portable_laptop

FedoraTV is Ready To Go!

Jonathan Roberts announced [1] this week that the FedoraTV hosted site [2] is ready for further review and content submissions. He added, "Any FAS account holders can login, file a ticket with information about a video/audio they want to submit for the feed, and we can respond openly and hold any discussions about whether to include the file or not." Kushal Das responded [3], encouraging everyone to submit their Fedora-related screencasts, podcasts and other video to the new site.

[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00017.html [2] https://fedorahosted.org/fedoratv/ [3] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00019.html

Software Freedom T-Shirts

Jayme Ayres announced [1] a new graphic design [2] for Software Freedom Day, inspired by discussions amongst Brazilian Fedora Ambassadors, and also pointed to the video produced after the recent Fórum Internacional Software Livre (FISL) meeting in Brazil that recently appeared in Red Hat Magazine [3], and the polo shirts also designed for the event [4]

[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00022.html [2] http://jaymeayres.com/arquivos/tShirt-SFDay08.png [3] http://www.redhatmagazine.com/2007/08/02/video-meet-the-fedora-ambassadors/ [4] https://fedoraproject.org/wiki/Artwork/T-Shirt#FISL_9.0_-_Brasil


Ambassadors

In this section, we cover Fedora Ambassadors Project.

http://fedoraproject.org/wiki/Ambassadors

Contributing Writer: JeffreyTadlock


Help Wanted: Utah Open Source Conference 2008

Clint Savage posted[1] asking for ambassador help with the Utah Open Source Conference 2008 (August 28 to August 30) at the Salt Lake Community College. If you are in the area, and able to help, please check the mailing list post for additional information.

[1] https://www.redhat.com/archives/fedora-ambassadors-list/2008-July/msg00020.html

New LATAM Administrator

Francesco Ugolini announced[1] that Rodrigo Padula has been acknowledged as the LATAM[2] Ambassadors administrator. Rodrigo is a long time Fedora Ambassador and a current member of the Fedora Ambassador Steering Committee. The role includes acting as a bridge for the LATAM community for ambassador resources.

[1] https://www.redhat.com/archives/fedora-ambassadors-list/2008-July/msg00004.html

[2] Latin-American Fedora Ambassadors

SELinux Eats Babies, Confines Wives, Gives Birth

JonMasters plunged[1] his head into the lion's mouth with a request to "re-add" the option to disable SELinux (or change to permissive mode) during or shortly after installation of the OS. His reasons included the apparent random breaking of currently working applications due to policy changes and the lack of support via gnome-vfs for relabeling of files to fix context problems. He finished off by claiming that "unsuspecting Desktop users" should not have something as complex as SELinux forced on them without an easy way to disable it.

1. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00059.html

Jon's examples of stuff that broke included attempting to use an ISO in virtmanager and running vpnc. He was at pains to point out that he had been running SELinux in "enforcing" for a long time and that he was reporting these problems because he thought that average "Desktop" users would be unable to use chcon to fix them.

Responses mostly emphasized that Jon was far from a typical user. SimoSorce argued[2] that, as a fellow developer, he had learned to expect labeling problems due to his non-standard usage and also how to fix them including changing policy for some of his commonly used packages. He noted that DanWalsh was very helpful in this regard. A brief discussion between SethVidal and MatthiasClasen suggested[2a] that nautilus has been fixed in rawhide to allow the labelling of files through gnome-vfs via the right-click "properties" dialog.

2. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00081.html

2a. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00088.html

DanWalsh wrote a detailed response[3] in which he commented that Jon had run vpnc from the command-line instead of from NetworkManager, this latter being standard usage. Dan thought that this contradicted Jon's claim that this problem would be typically faced by an ordinary desktop user without access to, or knowledge of, chcon. He further argued that the virt-manager problem was unlikely to be faced by such desktop users and went on to explain that "libvirtd is not unconfined whereas running qemu as a user is unconfined. Running qemu from libvirtd is still confined and is fixed by correct labeling. Hopefully the virt-manager people will assign an appropriate context at creation time, and/or default virtual machines to /var/lib/libvirt/images where they will be labeled correctly automatically."

3. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00127.html

Dan then commented that Desktop users are currently only confined with respect to executable memory checks in order to stop poorly written programs offering a means to execute buffer overflows. The use of PolicyKit, HAL and D-BUS to improve the user's desktop experience by running applications as root was mentioned by Dan as a further arena in which user confinement was necessary in order to prevent root exploits. He alluded to his recent presentations (e.g. [4],[5]) on confining users on Fedora 9 and rawhide as ways in which user types can be confined in customized ways to prevent such problems.

4. http://www.redhatmagazine.com/2008/07/02/writing-policy-for-confined-selinux-users/

5. http://danwalsh.livejournal.com/11913.html


DanielBerrange added[6] that the libvirt problem should be permanently fixed in Fedora 10 due to new storage management capabilities.

6. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00128.html

Much of the rest of the discussion focused on the general problem of whether or not it was appropriate to offer uneducated users the option to disable intrinsic security. JesseKeating and AlanCox[7] thought that a lack of knowledge precluded a meaningful choice and JamesMorris agreed[8], and referenced BruceSchneier on risk evaluation and security. He concluded that "Punting the decision to the end user during installation is possibly the worst option. It's our responsibility as the developers of the OS to both get security right and make it usable. It's difficult, indeed, but not impossible."

7. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00073.html

8. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00091.html

ColinWalters added[9] his voice to the chorus of those that believed that it was inappropriate to offer such options during installation. He suggested that system-config-selinux post-installation was available for those that really needed it and that the paths to solve this problem were not restricted to a binary "enabled or disabled by default" but included other possibilities such as: rawhide defaults to permissive; automatic reporting of denials to the Fedora developers; shifting more objects into unconfined_t in the default while confining network-facing services; and finally, using a regression test suite to ensure updates are not problems. Jon was largely in agreement[10] and again wanted to emphasize that he was appreciative of both Dan's rapid fixing of problems and the usefulness of SELinux itself, but he thought that the "tuning down of default policy" was the best option to enable "Desktops where people can just get stuff done." AlanCox did not buy this[11] and argued that no progress would be made without exposing us all to the problems which would then get fixed. He likened the discussion to the years-old one which had taken place concerning firewalls being enabled by default: "Sorry if I sound fed up of all of this but I spent 9 months fighting people years back to get firewalling enabled by default, and that had all the same arguments. Today nobody (even Microsoft) would propose otherwise." Alan added that setroubleshoot should be a bit more user friendly.

9. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00072.html

10. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00075.html

11. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00099.html

Apparent agreement on this last point exposed a further problem with several posters suggesting[12],[13] that a Windows Vista-like prompt to run a program which had been flagged as dangerous would be useful. SimoSorce and AndrewFarris highlighted[14],[15] the potential flaw of such an approach. SurenKarapetyan argued[16] that he and others were capable of making an informed choice to disable SELinux and that Fedora was becoming increasingly restricted in such freedoms. SimoSorce retorted[17] that re-adding the "disable SELinux" option during installation was wrong from a usability perspective and that if was both selfish and incompetent for Fedora developers to simply disable SELinux instead of dogfooding it. Suryen referenced Smolt statistics to bolster his case and argued that it was wrong to decide "for the user" what to do. AlanCox responded[18] that such statistics were meaningless because it was impossible to know how many of the users disabling SELinux had made an informed, correct choice.

12. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00101.html

13. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00117.html

14. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00124.html

15. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00125.html

16. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00184.html

17. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00187.html

18. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00221.html

Several other posters expressed frustration with the repetition of such objections to SELinux and there the thread would have lain, flogged senseless except that StewartAdam volunteered[19] to help write an "setroubleshoot" plugin that "allowed users to report audit denials similar to how kerneloops does. setroubleshoot then bridges the gap between new users and fixing the policy, and it could be done with stats to see what areas need work on. Naturally it would only report the denials the user requests to be submitted, so no "calling home" stuff." This proposal seemed to draw general approval[20],[21].

19. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00131.html

20. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00142.html

21. https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00137.html