selinux is a pain
Bruno Wolff III
bruno at wolff.to
Tue Sep 20 15:39:44 UTC 2011
On Tue, Sep 20, 2011 at 09:12:37 -0500,
Richard Shaw <hobbes1069 at gmail.com> wrote:
>
> Beware of one problem with the sealert/audit2allow instructions. At
> least in my experience, it goes through the whole log and creates a
> policy to allow all denied actions, not necessarily just the one you
> care about. Also, the created policies can be overly generic and allow
> way more access than is really needed.
I didn't state it, but yes you want to review the output and only add
stuff that is believed to be appropriate.
More information about the users
mailing list