On 2017-11-16 12:31, Petr Lautrbach wrote: > On Wed, Nov 15, 2017 at 04:23:44PM +0100, Andreas Nilsson wrote: >> On 2017-11-13 13:29, Petr Lautrbach wrote: >>> So the page is here >>> >>> https://github.com/cockpit-project/cockpit/wiki/Feature:-Manage-SELinux-policy >>> >>> There are 2 stories of 2 personas which I think describe expected usage. >>> I'm not sure how to describe Workflows but in Prior Art it's documented >>> as it is now. >> Looks good to me. Thanks for writing these up! >> For the stories, what about something like this: > Did you mean workflows?
I did mean workflows indeed. Sorry for the confusion. > >> "Phillip logs in to the system with Cockpit. He navigates to the section >> where he can set the SELinux permissions. He sets /companywebsite to be >> accessible by httpd. >> He then edits /etc/httpd/conf/httpd.conf and sets the configuration >> parameters necessary. He then creates the public_html folder for each >> users and set the right permissions. Once that is done he changes the >> selinux rule to allow users to server web content out of their home >> directories. > In this scenario I would not expect users to change rules but change boolean > values. > I'd rephrase the last sentence: > > Once that is done he changes the SELinux boolean which allows web server > to serve content out of home directories. Cool, I've added the whole workflow to the wiki page. > >> He then creates a test user, drops a html-file in >> /home/testuser/public_html and tests if it's accessible from a web >> browser. Once it's done he logs out." [1] >> >> "George Cucumber logs in to the system with Cockpit. He navigates to the >> section where he can set the SELinux permissions. There he changes all >> user accounts from unconfined to guest. Once it's done, he creates a >> test user and tries to ping google.com. It won't work, so he's >> successful. He logs out again." > s/unconfined/unconfined_u/;s/guest/guest_u/ Added this to the wiki page as well. Left out the Paul story for now, until we hear back from Mirek. - Andreas _______________________________________________ cockpit-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
