[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Proposal: Improving SELinux <--> user interaction on Fedora - Kerneloops for SELinux

On Fri, 2008-07-18 at 09:00 +1000, Dave Airlie wrote:
> On Thu, 2008-07-17 at 17:57 -0500, Arthur Pemberton wrote:
> > On Thu, Jul 17, 2008 at 5:53 PM, Dave Airlie <airlied redhat com> wrote:

> > > kerneloops does it right, opt in, send somewhere useful, next step if
> > > somewhere useful has seen the AVC and we knows its safe, maybe send
> > > something back saying continue and ignore, but don't involve the user in
> > > the mess other than asking for opt-in.
> > 
> > This may be a good idea. Have the service make a decision to continue
> > deny on temporarily allow based on available knowledge from the
> > server.
> > 
> > How much private info if any would be in the average AVC?
> Good point I am reminded of some of those totem backtraces with porn
> movies in the backtrace :)

Perhaps flag backtraces including files covered by (Fedora) RPMs
differently to backtraces that reference user files (and specific other
files, like .xsession-errors)?

(and yes, I realise this might be difficult to do, but is probably the
only sane line between private and not-so-private files on a system). 

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]