On Sat, 2009-09-12 at 13:55 -0700, Antonio Olivares wrote:
> Not exactly sure whats happening. keep in mind
> if your using a development versions of fedora,
> then you will run into issues.(if your on stable then
> you should be fine).
>
I knew that ahead of time, but it did not seem to be this troublesome this time with
Fedora 12. I have been testing since Fedora 5 Test 2 release and have not encountered as
many denials as I have in this Fedora 12 testing phase. Guess many don't complain
because they run selinux disabled selinux=0, or enforcing=0 so they don't care to
report the issues?
No, the vast majority of the 'denials' aren't actually denials. Dan
removed all unconfined domains and replaced them with permissive
domains. An unconfined domain allows everything and audits nothing. A
permissive domain allows everything but audits every time there is no
allow rule for a given request.
This has helped to define the actual needs of many of the unconfined
domains. And hopefully we can remove them entirely in the future.
Please keep filing bugs.
It's no surprise you are getting more messages, but it shouldn't be
really different than in previous development for the number of problems
it actually causes.
-Eric