[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Proactive SELinux fixes from automatic collection of logs

On Fri, 2007-06-29 at 17:33 +0200, Paulo Santos wrote:
> John and Daniel,
> In which case would then be used the application[1] that Daniel wants
> the Infrastructure Team to host ?
> [1] http://fedoraproject.org/wiki/Infrastructure/RFR/SELinux
> From what you say, the setroubleshoot tool is already a pretty
> complete application.

Let me explain Dan's request so you can see it in context. One of the
features of setroubleshoot is its ability to scan a log file and analyze
AVC denials. You can already do this in the GUI. But for folks who don't
have setroubleshoot installed the idea was folks could go to a web page
and upload the log file and have the CGI script perform the analysis and
display the results. The request you cite was for CGI support for this.
I believe the CGI is already written, it just needs "a place to live".

BTW, log file analysis is a compromise because the analysis parts of the
tool cannot interrogate the system for information not in the log, this
may result in a less thorough analysis.

BTW, I realized after sending my earlier reply it contained a number of
typos and I didn't proofread it, my apologies if it made it hard to
John Dennis <jdennis redhat com>

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]