Forward looking to FC2 final and SELinux
Chris Kloiber
ckloiber at redhat.com
Fri Apr 9 02:49:53 UTC 2004
On Fri, 2004-04-09 at 03:01, Karl MacMillan wrote:
> > -----Original Message-----
> > From: fedora-devel-list-bounces at redhat.com [mailto:fedora-devel-list-
> > bounces at redhat.com] On Behalf Of Chris Kloiber, RHCX
> > Sent: Thursday, April 08, 2004 3:17 AM
> > To: Development discussions related to Fedora Core
> > Subject: Re: Forward looking to FC2 final and SELinux
> >
> >
> > I would like to see permissive mode the default, but don't spam
> > /dev/console. Instead log the avc errors to a different local# facility,
> > and capture that information separately from /var/log/messages. A gui
> > log viewer specifically for the selinux.log that could parse the denial
> > messages and propose policy source changes on a per-application basis
> > would be very nice, probably a pipe dream short term though.
> >
>
> A gui log viewer called seaudit is part of the setools package from Tresys
> (http://www.tresys.com/selinux/index.html - screenshot here
> http://www.tresys.com/Downloads/selinux-tools/seaudit/seaudit.gif ). Dan
> Walsh has created packages that part of Fedora Core 2.
>
> Note that this tool doesn't suggest policy changes. I think that it is
> non-trivial to create a tool to suggest useful policy changes and even then
> any suggestions would have to be carefully considered by the user.
>
> Karl
Thanks, now if I can ever get 'rawhide-latest' installed on my eMachines
M6807 laptop... :)
--
Chris Kloiber, RHCX
Red Hat, Inc.
More information about the fedora-devel-list
mailing list