Forward looking to FC2 final and SELinux
Chris Kloiber, RHCX
ckloiber at redhat.com
Thu Apr 8 08:16:32 UTC 2004
On Thu, 2004-04-08 at 14:46, Alexandre Oliva wrote:
> On Apr 7, 2004, Matias Feliciano <feliciano.matias at free.fr> wrote:
>
> > Le mar 06/04/2004 à 20:59, Jesse Keating a écrit :
> >> [...]
> >> The option for SELinux should continue to be exposed during the install
> >> (and kickstarts), but default to off.
>
> > +1
>
> How would you feel about permissive mode instead of disabled as the
> default?
I would like to see permissive mode the default, but don't spam
/dev/console. Instead log the avc errors to a different local# facility,
and capture that information separately from /var/log/messages. A gui
log viewer specifically for the selinux.log that could parse the denial
messages and propose policy source changes on a per-application basis
would be very nice, probably a pipe dream short term though.
--
Chris Kloiber, RHCX
Red Hat, Inc.
More information about the fedora-devel-list
mailing list