[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Disabling selinux question

On Fri, 2008-01-04 at 12:36 +0100, Linus Walleij wrote:
> On Thu, 3 Jan 2008, John Dennis wrote:
> > auditd is the general auditing facility, SELinux messages are just one of the 
> > possible auditing messages.
> But on a Fedora default install SELinux is the only thing using and 
> requiring it, right?

 No, think of it more like a different logging protocol. If you want to
get rid of "Yet another daemon" the best method would be to add audit
input support to the rsyslogd package.

> > setroubleshootd is a diagnostic tool. If SELinux is completely disabled the 
> > daemon exits if started.
> OK, should it have "# hide: true" in /etc/init.d/setroubleshootd so it 
> doesn't even turn up in system-config-services?
> > Allowing 
> > the daemon to decide if it should run or exit is more robust than some 
> > utility which thinks it knows if something should be chkconfig'ed on or not 
> > because it will almost certainly get that answer wrong.
> Then all these smart daemons should have "# hide : true" in their 
> respective /etc/init.d/foo script so avoid being managed by the smart 
> utility system-config-services, am I right?

 This means people can't stop the service, why do you want to do
that? Nothing "bad" happens if you stop any of these.

James Antill <james antill redhat com>
Red Hat

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]