too many sealerts, most have been reported, and still see denials
Eric Paris
eparis at redhat.com
Sat Sep 12 23:07:26 UTC 2009
On Sat, 2009-09-12 at 13:55 -0700, Antonio Olivares wrote:
> > Not exactly sure whats happening. keep in mind
> > if your using a development versions of fedora,
> > then you will run into issues.(if your on stable then
> > you should be fine).
> >
> I knew that ahead of time, but it did not seem to be this troublesome this time with Fedora 12. I have been testing since Fedora 5 Test 2 release and have not encountered as many denials as I have in this Fedora 12 testing phase. Guess many don't complain because they run selinux disabled selinux=0, or enforcing=0 so they don't care to report the issues?
No, the vast majority of the 'denials' aren't actually denials. Dan
removed all unconfined domains and replaced them with permissive
domains. An unconfined domain allows everything and audits nothing. A
permissive domain allows everything but audits every time there is no
allow rule for a given request.
This has helped to define the actual needs of many of the unconfined
domains. And hopefully we can remove them entirely in the future.
Please keep filing bugs.
It's no surprise you are getting more messages, but it shouldn't be
really different than in previous development for the number of problems
it actually causes.
-Eric
More information about the fedora-selinux-list
mailing list