Another selinux rant
Les Mikesell
lesmikesell at gmail.com
Sun Jan 6 23:26:22 UTC 2008
James Morris wrote:
> On Fri, 4 Jan 2008, Jonathan Underwood wrote:
>
>> On 04/01/2008, Arthur Pemberton <pemboa at gmail.com> wrote:
>>> Have you considered the possibility of a large silent majority for
>>> whom it works most of the time and so need not complain? Not that
>>> valid complaints are a bad thing.
>>>
>> That could be the case. Perhaps there's something that could be added
>> to Smolt to allow the history of avc denials to be uploaded as part of
>> the profile - that would allow some really interesting analysis.
>
> Smolt has been collecting this information, but it has not yet been
> published on the web site (hopefully soon).
I'd expect these numbers to be overwhelmed by groups that (a) don't run
any services that need special handling and (b) run 3rd party apps that
aren't integrated in the policy and disable selinux so they work at all.
Do you have a way to distinguish these from people running something
with a fixable policy issue or account for them if you try to draw
conclusions from the reported values?
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-devel-list
mailing list