[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Disabling selinux question



Linus Walleij wrote:
Here's a spinoff relating to selinux from discussions around system-config-services and its UI. selinux seem to involve the following services/daemons:

auditd
mcstrans
restorecond
setroubleshoot

If I use system-config-selinux or anaconda to disable SELinux altogether, then none of these are disabled accordingly. The only case seems to be that auditd is turn on if I disable them all manually and then enable SELinux.

Is this a bug or is there something I don't get here?


auditd is the general auditing facility, SELinux messages are just one of the possible auditing messages. You wouldn't want to disable auditing just because SELinux was disabled, that would disable all auditing.

setroubleshootd is a diagnostic tool. If SELinux is completely disabled the daemon exits if started.

Your expectation seems to be that if you disable SELinux it will chkconfig off certain daemons. There is a distinction between having a daemon started (e.g. chkconfig on) and whether it continues to run once started. Allowing the daemon to decide if it should run or exit is more robust than some utility which thinks it knows if something should be chkconfig'ed on or not because it will almost certainly get that answer wrong.


--
John Dennis <jdennis redhat com>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]