Proactive SELinux fixes from automatic collection of logs
Rahul Sundaram
sundaram at fedoraproject.org
Fri Jun 29 01:07:21 UTC 2007
Hi
There are many instances where SELinux policy causes AVC denials while
running programs. Some of these are policy issues, some actual bugs in
the program or security issues and others where the denial is rather
harmless and can be ignored for all practical purposes.
It is sometimes tedious to go and file a bug report methodologically on
all these denials in hope that we uncover and fix real policy issues.
What would be better is for users to run in some opt-in program that
automatically sends either the audit or messages log or both to central
server and the SELinux developers proactively fix policy issues without
the overhead of users filing bug reports.
I would gladly run a program and I would guess that many users would
find this a much better and easier way to report issues. We could even
tie this to a GUI and first boot in the installer. Kind of a smolt
(http://smolt.fedoraproject.org/stats) for SELinux if you will. Comments?
Rahul
More information about the fedora-selinux-list
mailing list