Disabling selinux question
James Antill
james.antill at redhat.com
Fri Jan 4 15:16:40 UTC 2008
On Fri, 2008-01-04 at 12:36 +0100, Linus Walleij wrote:
> On Thu, 3 Jan 2008, John Dennis wrote:
>
> > auditd is the general auditing facility, SELinux messages are just one of the
> > possible auditing messages.
>
> But on a Fedora default install SELinux is the only thing using and
> requiring it, right?
No, think of it more like a different logging protocol. If you want to
get rid of "Yet another daemon" the best method would be to add audit
input support to the rsyslogd package.
> > setroubleshootd is a diagnostic tool. If SELinux is completely disabled the
> > daemon exits if started.
>
> OK, should it have "# hide: true" in /etc/init.d/setroubleshootd so it
> doesn't even turn up in system-config-services?
>
> > Allowing
> > the daemon to decide if it should run or exit is more robust than some
> > utility which thinks it knows if something should be chkconfig'ed on or not
> > because it will almost certainly get that answer wrong.
>
> Then all these smart daemons should have "# hide : true" in their
> respective /etc/init.d/foo script so avoid being managed by the smart
> utility system-config-services, am I right?
This means people can't stop the service, why do you want to do
that? Nothing "bad" happens if you stop any of these.
--
James Antill <james.antill at redhat.com>
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20080104/70e53d67/attachment-0002.bin
More information about the devel
mailing list