Proactive SELinux fixes from automatic collection of logs
John Dennis
jdennis at redhat.com
Fri Jun 29 15:58:14 UTC 2007
On Fri, 2007-06-29 at 17:33 +0200, Paulo Santos wrote:
> John and Daniel,
>
> In which case would then be used the application[1] that Daniel wants
> the Infrastructure Team to host ?
>
> [1] http://fedoraproject.org/wiki/Infrastructure/RFR/SELinux
>
> From what you say, the setroubleshoot tool is already a pretty
> complete application.
Let me explain Dan's request so you can see it in context. One of the
features of setroubleshoot is its ability to scan a log file and analyze
AVC denials. You can already do this in the GUI. But for folks who don't
have setroubleshoot installed, the idea was folks could go to a web page
and upload the log file and have the CGI script perform the analysis and
display the results. The request you cite was for CGI support for this.
I believe the CGI is already written; it just needs "a place to live".

BTW, log file analysis is a compromise because the analysis parts of the
tool cannot interrogate the system for information not in the log; this
may result in a less thorough analysis.

BTW, I realized after sending my earlier reply it contained a number of
typos and I didn't proofread it, my apologies if it made it hard to
read.
--
John Dennis <jdennis at redhat.com>
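
Added example, not part of the original message and not setroubleshoot's own code: a Python parser that does the log-only step described above, extracting AVC denials from audit log text and grouping repeats. The sample lines are constructed, and the names parse_avc, summarize and SAMPLE_LOG are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample audit.log lines (not from the original post).
SAMPLE_LOG = """\
type=AVC msg=audit(1183132694.123:456): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.html" dev=dm-0 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1183132694.123:456): arch=40000003 syscall=5 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1183132701.456:460): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.html" dev=dm-0 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1183132710.789:471): avc:  denied  { name_bind } for  pid=3001 comm="named" src=8053 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = tuple(m.group("perms").split())
    # Contexts are user:role:type[:level]; the type is what policy rules key on.
    for key in ("scontext", "tcontext"):
        parts = rec.get(key, "").split(":")
        rec[key[0] + "type"] = parts[2] if len(parts) >= 3 else None
    return rec


def summarize(log_text):
    """Count denials per (source type, target type, class, permissions)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            counts[(rec["stype"], rec["ttype"], rec.get("tclass"), rec["perms"])] += 1
    return counts


if __name__ == "__main__":
    # Everything printed here comes from the log text alone; nothing on the
    # live system (for example the file's current label) is consulted.
    for (stype, ttype, tclass, perms), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n}x {stype} -> {ttype}:{tclass} {{ {' '.join(perms)} }}")
```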