[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Disabling selinux question

On Fri, 4 Jan 2008, Eric Paris wrote:

There is no reason that a user cannot turn auditd off themselves (kernel
just reroutes the messages to syslog rather than audit log) but audit
still functions and serves a purpose all by itself.

Yeah turns out my big problem is likely with the # decription : provided to s-c-s through the /etc/init.d/foo files so user knows they can actually turn it off without shooting themselves in the foot.

My opinion, if you disable SELinux in the installer (or s-c-selinux) it
should disable those other programs you mentioned if those programs are
not smart enough to not run on their own.  (sounds like setroubleshoot
and i'm going to guess sealert already are smart enough and
anaconda/s-c-* shouldn't bother them...)

I think the best thing I can do is patch their # description : entries, so the s-c-s user knows this.

If this was a major problem with s-c-s to me (not very high tech indeed) I'm bold enough to believe it's going to be to many others as well.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]