dmesg errors (sgi_fam)
Martin Ebourne
lists at ebourne.me.uk
Wed Mar 17 11:39:15 UTC 2004
Russell Coker <russell at coker.com.au> wrote:
> The problem is that famd is an application which accepts network connections,
> wants read access to every file that any user can access. If you want to
> have a secure system you don't want many such programs.
Surely it doesn't need access to the file contents - just to stat them, so
access to directories (still a security issue, I agree).
> Remote famd operation is only for non-polling notifications over the network.
> For most people having polling for file status changes on NFS will probably
> be OK.
I agree with disabling remote famd, but the original post appeared to be
disabling the daemon entirely, which I expect would prevent local file
monitoring too. Or do gnome/kde use dnotify directly?
Also, I thought RH/Fedora already shipped with remote famd disabled.
Cheers,
Martin.
More information about the fedora-selinux-list
mailing list