Another selinux rant
Eric Paris
eparis at redhat.com
Sun Jan 6 23:54:14 UTC 2008
On Sun, 2008-01-06 at 18:05 -0500, Yaakov Nemoy wrote:
> On Jan 6, 2008 5:51 PM, James Morris <jmorris at namei.org> wrote:
> > > That could be the case. Perhaps there's something that could be added
> > > to Smolt to allow the history of avc denials to be uploaded as part of
> > > the profile - that would allow some really interesting analysis.
> >
> > Smolt has been collecting this information, but it has not yet been
> > published on the web site (hopefully soon).
>
> Smolt doesn't collect that information, and that seems like a bad idea
> for something for Smolt to collect. Well, if you wanted to make
> something like kerneloops, but called selinuxoops, then maybe we can
> link Smolt information together on an opt-in basis. I'm not sure what
> you would gain by knowing what kind of CPU generated an SELinux error,
> it would be no different than diagnosing permissions problems
> remotely. It's all in the software.
I don't know all the details but I do know smolt is collecting the
number of users who are leaving selinux turned on vs off. I haven't
heard anything about AVC denial counts and stuff like that. Hopefully
we will soon have published numbers about how many people are 'happily'
running with selinux.
-Eric
More information about the fedora-devel-list
mailing list