On 2017-11-13 13:29, Petr Lautrbach wrote: > So the page is here > > https://github.com/cockpit-project/cockpit/wiki/Feature:-Manage-SELinux-policy > > There are 2 stories of 2 personas which I think describe expected usage. > I'm not sure how to describe Workflows but in Prior Art it's documented > as it is now.
Looks good to me. Thanks for writing these up! For the stories, what about something like this: "Phillip logs in to the system with Cockpit. He navigates to the section where he can set the SELinux permissions. He sets /companywebsite to be accessible by httpd. He then edits /etc/httpd/conf/httpd.conf and sets the configuration parameters necessary. He then creates the public_html folder for each users and set the right permissions. Once that is done he changes the selinux rule to allow users to server web content out of their home directories. He then creates a test user, drops a html-file in /home/testuser/public_html and tests if it's accessible from a web browser. Once it's done he logs out." [1] "George Cucumber logs in to the system with Cockpit. He navigates to the section where he can set the SELinux permissions. There he changes all user accounts from unconfined to guest. Once it's done, he creates a test user and tries to ping google.com. It won't work, so he's successful. He logs out again." "Paul logs in to the system with Cockpit. He navigates to the section where he can set the SELinux permissions. He sets the bank_trans_ service to permissive. Once that is done, he logs out again" 1. Note that I added the additional steps unrelated to selinux, but necessary for the workflow to be successful. There is still a big gap before all this is successful only using Cockpit, but I think that's OK for now. - Andreas _______________________________________________ cockpit-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
