[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Forward looking to FC2 final and SELinux



On Fri, 2004-04-09 at 03:01, Karl MacMillan wrote:
> > -----Original Message-----
> > From: fedora-devel-list-bounces redhat com [mailto:fedora-devel-list-
> > bounces redhat com] On Behalf Of Chris Kloiber, RHCX
> > Sent: Thursday, April 08, 2004 3:17 AM
> > To: Development discussions related to Fedora Core
> > Subject: Re: Forward looking to FC2 final and SELinux
> > 
> > 
> > I would like to see permissive mode the default, but don't spam
> > /dev/console. Instead log the avc errors to a different local# facility,
> > and capture that information separately from /var/log/messages. A gui
> > log viewer specifically for the selinux.log that could parse the denial
> > messages and propose policy source changes on a per-application basis
> > would be very nice, probably a pipe dream short term though.
> > 
> 
> A gui log viewer called seaudit is part of the setools package from Tresys
> (http://www.tresys.com/selinux/index.html - screenshot here
> http://www.tresys.com/Downloads/selinux-tools/seaudit/seaudit.gif ). Dan
> Walsh has created packages that part of Fedora Core 2.
> 
> Note that this tool doesn't suggest policy changes. I think that it is
> non-trivial to create a tool to suggest useful policy changes and even then
> any suggestions would have to be carefully considered by the user.
> 
> Karl

Thanks, now if I can ever get 'rawhide-latest' installed on my eMachines
M6807 laptop... :)

-- 
Chris Kloiber, RHCX
Red Hat, Inc.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]