Disabling selinux question

Linus Walleij triad at df.lth.se
Fri Jan 4 11:36:05 UTC 2008


On Thu, 3 Jan 2008, John Dennis wrote:

> auditd is the general auditing facility, SELinux messages are just one of the 
> possible auditing messages.

But on a Fedora default install SELinux is the only thing using and 
requiring it, right?

> setroubleshootd is a diagnostic tool. If SELinux is completely disabled the 
> daemon exits if started.

OK, should it have "# hide: true" in /etc/init.d/setroubleshootd so it 
doesn't even turn up in system-config-services?

> Allowing 
> the daemon to decide if it should run or exit is more robust than some 
> utility which thinks it knows if something should be chkconfig'ed on or not 
> because it will almost certainly get that answer wrong.

Then all these smart daemons should have "# hide : true" in their 
respective /etc/init.d/foo script so avoid being managed by the smart 
utility system-config-services, am I right?

Linus




More information about the fedora-devel-list mailing list