Selinux in development releases
John.Florian at dart.biz
Tue Sep 25 12:17:34 UTC 2012
> From: "Jóhann B. Guðmundsson" <johannbg at gmail.com>
> To: test at lists.fedoraproject.org
> Date: 09/24/2012 16:25
> Subject: Re: Selinux in development releases
> Sent by: test-bounces at lists.fedoraproject.org
>
> On 09/24/2012 08:16 PM, drago01 wrote:
> > On Mon, Sep 24, 2012 at 10:13 PM, "Jóhann B. Guðmundsson"
> > <johannbg at gmail.com> wrote:
> >> I hereby propose that we default selinux to permissive mode up to final
> >> which should just get rid of unneeded nuisance during testing.
> > -1
> >
> > This would just mean we test something different than we actually
> > ship. If there are selinux bugs they are supposed to be caught during
> > testing and reported like any other bugs.
>
> With permissive mode we should still be able to catch all those errors
> and report them without all the downside that comes with having it in
> enforcing mode during our development releases...
Not true from what I've witnessed. There are certain rules that indeed
block some action, but do not get logged. I've encountered several over
the years and was only able to detect these by toggling
enforcing/permissive. I do wish there was some master switch to
temporarily enable logging for them.
I concur that Dan is superhuman in his response times.
--
John Florian