https://bugzilla.suse.com/show_bug.cgi?id=1206292 https://bugzilla.suse.com/show_bug.cgi?id=1206292#c2 Hu <cathy.hu@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |cathy.hu@suse.com Resolution|--- |FIXED --- Comment #2 from Hu <cathy.hu@suse.com> --- Hi Imo, thank your for the question. Just to explain a bit the background why this boolean is not set per default on your MicroOS desktop: The selinux policy packages for MicroOS are build based on the rpm packaging definitions in openSUSE:Factory [0]. This is the same definition that also builds tumbleweed, non-desktop MicroOS and also where SLE distros branch off at some point in time. SELinux policies exist to protect your system. However, they are very specialized to the use case of a system. The policy in openSUSE:Factory is specialized on the use case of server loads, because that is our main target. This, however does not seem to be your use case, which is running a desktop system. In this case, some default policy rules may be too strict or do not fit to your use case. That is the reason why the SELinux project introduced SELinux booleans that allow you to modify the standard policy to your needs and use case. The recommended way from us and also intended SELinux-ish-way to solve this would be that people who are affected set the boolean according to the MicroOS desktop documentation [1] However, as security team, we can unfortunately not set this boolean as default as it would make the default policy more insecure. If you have any more questions, please feel free to reach out and reopen the bug. Kind regards, Cathy [0] https://build.opensuse.org/package/show/openSUSE:Factory/selinux-policy [1] https://en.opensuse.org/Portal:MicroOS/Desktop#Steam_Proton,_Bottles,_WINE,_... -- You are receiving this mail because: You are on the CC list for the bug.