Proposal: Improving SELinux <--> user interaction on Fedora - Kerneloops for SELinux

Andrew Bartlett abartlet at samba.org
Thu Jul 17 23:19:53 UTC 2008


On Fri, 2008-07-18 at 09:00 +1000, Dave Airlie wrote:
> On Thu, 2008-07-17 at 17:57 -0500, Arthur Pemberton wrote:
> > On Thu, Jul 17, 2008 at 5:53 PM, Dave Airlie <airlied at redhat.com> wrote:

> > > kerneloops does it right, opt in, send somewhere useful, next step if
> > > somewhere useful has seen the AVC and we know it's safe, maybe send
> > > something back saying continue and ignore, but don't involve the user in
> > > the mess other than asking for opt-in.
> > 
> > This may be a good idea. Have the service make a decision to continue
> > deny or temporarily allow based on available knowledge from the
> > server.
> > 
> > How much private info if any would be in the average AVC?
> 
> Good point I am reminded of some of those totem backtraces with porn
> movies in the backtrace :)

Perhaps flag backtraces including files covered by (Fedora) RPMs
differently to backtraces that reference user files (and specific other
files, like .xsession-errors)?

(and yes, I realise this might be difficult to do, but is probably the
only sane line between private and not-so-private files on a system). 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
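
One way the split suggested in this message (RPM-owned files versus user files) could be applied to an AVC record before it is submitted, as an added example that is not code from the thread or from any Fedora tool. It assumes file names appear in `path=`, `name=` or `exe=` fields and uses `rpm -qf` as the ownership check; the function names and sample records are constructed for illustration.

```python
import re
import subprocess

# Fields of an audit record that can carry a file name (assumed set).
PATH_FIELD = re.compile(r'\b(path|name|exe)="([^"]*)"')

def rpm_owned(path):
    """True if an installed RPM owns `path` (`rpm -qf` exits 0 on a match)."""
    try:
        result = subprocess.run(["rpm", "-qf", path],
                                stdout=subprocess.DEVNULL,
                                stderr=subprocess.DEVNULL)
    except FileNotFoundError:      # no rpm binary: treat every path as private
        return False
    return result.returncode == 0

def scrub_avc(line, is_packaged=rpm_owned):
    """Return (scrubbed_line, flag) where flag is 'packaged' or 'private'.

    Absolute paths owned by a package are kept. Anything else (user files,
    bare file names that cannot be attributed) is redacted and flags the record.
    """
    private = False

    def repl(match):
        nonlocal private
        key, value = match.group(1), match.group(2)
        if value.startswith("/") and is_packaged(value):
            return match.group(0)
        private = True
        return '%s="<redacted>"' % key

    return PATH_FIELD.sub(repl, line), ("private" if private else "packaged")

# Constructed sample records, not taken from a real system.
SAMPLE_PACKAGED = ('type=AVC msg=audit(1216336793.101:42): avc:  denied  { read } '
                   'for  pid=2301 comm="httpd" path="/usr/lib/libexample.so" '
                   'dev=sda1 ino=1111 tclass=file')
SAMPLE_PRIVATE = ('type=AVC msg=audit(1216336799.202:43): avc:  denied  { read } '
                  'for  pid=2345 comm="totem" path="/home/alice/Videos/holiday.avi" '
                  'dev=sda1 ino=2222 tclass=file')

if __name__ == "__main__":
    owned = {"/usr/lib/libexample.so"}       # stand-in for the rpm -qf lookup
    for record in (SAMPLE_PACKAGED, SAMPLE_PRIVATE):
        print(scrub_avc(record, owned.__contains__))
```

Records flagged `private` could be held back or sent only in redacted form, while `packaged` records carry nothing beyond what the distribution already ships.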