On Fri, 2008-07-18 at 09:00 +1000, Dave Airlie wrote: > On Thu, 2008-07-17 at 17:57 -0500, Arthur Pemberton wrote: > > On Thu, Jul 17, 2008 at 5:53 PM, Dave Airlie <airlied redhat com> wrote: > > > kerneloops does it right, opt in, send somewhere useful, next step if > > > somewhere useful has seen the AVC and we knows its safe, maybe send > > > something back saying continue and ignore, but don't involve the user in > > > the mess other than asking for opt-in. > > > > This may be a good idea. Have the service make a decision to continue > > deny on temporarily allow based on available knowledge from the > > server. > > > > How much private info if any would be in the average AVC? > > Good point I am reminded of some of those totem backtraces with porn > movies in the backtrace :) Perhaps flag backtraces including files covered by (Fedora) RPMs differently to backtraces that reference user files (and specific other files, like .xsession-errors)? (and yes, I realise this might be difficult to do, but is probably the only sane line between private and not-so-private files on a system). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
Description: This is a digitally signed message part