Disabling selinux question
Linus Walleij
triad at df.lth.se
Fri Jan 4 22:30:29 UTC 2008
On Fri, 4 Jan 2008, Eric Paris wrote:
> There is no reason that a user cannot turn auditd off themselves (kernel
> just reroutes the messages to syslog rather than audit log) but audit
> still functions and serves a purpose all by itself.
Yeah turns out my big problem is likely with the # decription : provided
to s-c-s through the /etc/init.d/foo files so user knows they can actually
turn it off without shooting themselves in the foot.
> My opinion, if you disable SELinux in the installer (or s-c-selinux) it
> should disable those other programs you mentioned if those programs are
> not smart enough to not run on their own. (sounds like setroubleshoot
> and i'm going to guess sealert already are smart enough and
> anaconda/s-c-* shouldn't bother them...)
I think the best thing I can do is patch their # description : entries, so
the s-c-s user knows this.
If this was a major problem with s-c-s to me (not very high tech indeed)
I'm bold enough to believe it's going to be to many others as well.
Linus
More information about the fedora-devel-list
mailing list