SELinux last straw
Andy Green
andy at warmcat.com
Wed Oct 17 20:04:46 UTC 2007
Somebody in the thread at some point said:
> Jacques B. wrote:
>>
>> 3 - How can you effectively troubleshoot an existing problem when a
>> past one was not dealt in such a manner as to ensure that it was
>> corrected
>
> How can you use a system that does not have an effective troubleshooting
> mechanism regardless of how it got into its current state? The simple
> traditional unix mechanism is something you can easily understand and
> verify.
>
>> (the intrusion incident being the most notable one but I'm
>> sure others on the list could identify other past issues that were
>> potentially not dealt with adequately based on what was posted in
>> those threads). The existing problem could be a domino effect from a
>> past problem and may never be properly dealt with until the underlying
>> issue is dealt with.
>
> Regardless, you should have a way to check and fix it, unless what you
> are running is unimportant and you can abandon it.
Maybe a mode that blocks the process until you yea or nay it could be
interesting.
Otherwise, you can fall back to permissive if this process is in the way
of an upgrade or otherwise uncommon.
-Andy
More information about the fedora-list
mailing list