[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Forward looking to FC2 final and SELinux




> -----Original Message-----
> From: fedora-devel-list-bounces redhat com [mailto:fedora-devel-list-
> bounces redhat com] On Behalf Of Chris Kloiber, RHCX
> Sent: Thursday, April 08, 2004 3:17 AM
> To: Development discussions related to Fedora Core
> Subject: Re: Forward looking to FC2 final and SELinux
> 
> 
> I would like to see permissive mode the default, but don't spam
> /dev/console. Instead log the avc errors to a different local# facility,
> and capture that information separately from /var/log/messages. A gui
> log viewer specifically for the selinux.log that could parse the denial
> messages and propose policy source changes on a per-application basis
> would be very nice, probably a pipe dream short term though.
> 

A gui log viewer called seaudit is part of the setools package from Tresys
(http://www.tresys.com/selinux/index.html - screenshot here
http://www.tresys.com/Downloads/selinux-tools/seaudit/seaudit.gif ). Dan
Walsh has created packages that part of Fedora Core 2.

Note that this tool doesn't suggest policy changes. I think that it is
non-trivial to create a tool to suggest useful policy changes and even then
any suggestions would have to be carefully considered by the user.

Karl


> --
> Chris Kloiber, RHCX
> Red Hat, Inc.
> 
> 
> 
> --
> fedora-devel-list mailing list
> fedora-devel-list redhat com
> http://www.redhat.com/mailman/listinfo/fedora-devel-list



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]