Fedora11 and Setroubleshoot-server

Daniel J Walsh dwalsh at redhat.com
Wed Jun 10 11:56:55 UTC 2009

On 06/09/2009 03:43 PM, Vadym Chepkov wrote:
> I would be glad to know what that is I suppose to start "faster" now. Is Fedora becoming strictly a desktop solution and I need to start looking for something else for a server? I am just curious.
> Sincerely yours,
>    Vadym Chepkov
> --- On Tue, 6/9/09, David P. Quigley<dpquigl at tycho.nsa.gov>  wrote:
>> From: David P. Quigley<dpquigl at tycho.nsa.gov>
>> Subject: Re: Fedora11 and Setroubleshoot-server
>> To: "Vadym Chepkov"<chepkov at yahoo.com>
>> Cc: "Fedora SELinux"<fedora-selinux-list at redhat.com>
>> Date: Tuesday, June 9, 2009, 2:42 PM
>> I could be wrong so don't hold me to
>> this but I remember hearing that
>> they moved this service into being started as needed by
>> another
>> component. I believe this was done to help with boot times.
>> If I
>> remember correctly setroubleshoot should start up when it
>> receives the
>> first AVC denial.
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
In stead of having two huge python programs running all of the time 
doing nothing we have reimplemented setroubleshoot into a dbus 
application.  Now you have two small C apps sedispatch which listens to 
auditdispatch for avc messages and seapplet is running on the desktop to 
listen for dbus messages from setroubleshootd to put up the star.

setroubleshoot is now a dbus service.  Audit listens for all messages 
which hands it to audispd which hands the messages to sedispatch.  Which 
you should see running on your system.

When sedisatch sees an AVC it sends a dbus message to setroubleshootd. 
Dbus will start setroubleshootd if it is not running.  When 
setroulbleshootd sees the message it analyzes it and sends a dbus signal 
to all seapplets, the seapplet will put up the Star.  If the user clicks 
on the star, seapplet will start sealert.

sealert now exits on closing of the browser and setroubleshootd will 
shutdown after 10 seconds of no AVC messages and the sealert browser is 
shut down.

The sealert browser also sends a dbus message to wake up setroubleshoot 
since it needs it to handle reading the AVC messages.

This change was made to make boot faster use less memory, and is part of 
a big redesign of setroubleshoot.  A redesigned GUI should be released 
to Rawhide soon.

More information about the fedora-selinux-list mailing list