Fedora11 and Setroubleshoot-server
Daniel J Walsh
dwalsh at redhat.com
Wed Jun 10 11:56:55 UTC 2009
On 06/09/2009 03:43 PM, Vadym Chepkov wrote:
> I would be glad to know what that is I suppose to start "faster" now. Is Fedora becoming strictly a desktop solution and I need to start looking for something else for a server? I am just curious.
> Sincerely yours,
> Vadym Chepkov
> --- On Tue, 6/9/09, David P. Quigley<dpquigl at tycho.nsa.gov> wrote:
>> From: David P. Quigley<dpquigl at tycho.nsa.gov>
>> Subject: Re: Fedora11 and Setroubleshoot-server
>> To: "Vadym Chepkov"<chepkov at yahoo.com>
>> Cc: "Fedora SELinux"<fedora-selinux-list at redhat.com>
>> Date: Tuesday, June 9, 2009, 2:42 PM
>> I could be wrong so don't hold me to
>> this but I remember hearing that
>> they moved this service into being started as needed by
>> component. I believe this was done to help with boot times.
>> If I
>> remember correctly setroubleshoot should start up when it
>> receives the
>> first AVC denial.
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
In stead of having two huge python programs running all of the time
doing nothing we have reimplemented setroubleshoot into a dbus
application. Now you have two small C apps sedispatch which listens to
auditdispatch for avc messages and seapplet is running on the desktop to
listen for dbus messages from setroubleshootd to put up the star.
setroubleshoot is now a dbus service. Audit listens for all messages
which hands it to audispd which hands the messages to sedispatch. Which
you should see running on your system.
When sedisatch sees an AVC it sends a dbus message to setroubleshootd.
Dbus will start setroubleshootd if it is not running. When
setroulbleshootd sees the message it analyzes it and sends a dbus signal
to all seapplets, the seapplet will put up the Star. If the user clicks
on the star, seapplet will start sealert.
sealert now exits on closing of the browser and setroubleshootd will
shutdown after 10 seconds of no AVC messages and the sealert browser is
The sealert browser also sends a dbus message to wake up setroubleshoot
since it needs it to handle reading the AVC messages.
This change was made to make boot faster use less memory, and is part of
a big redesign of setroubleshoot. A redesigned GUI should be released
to Rawhide soon.
More information about the fedora-selinux-list