Developers of packages please pay attention to selinux labeling.
Daniel J Walsh
dwalsh at redhat.com
Thu Jul 15 13:34:57 UTC 2010
On 07/15/2010 06:04 AM, Richard W.M. Jones wrote:
> On Thu, Jul 15, 2010 at 03:29:34PM +0530, Rahul Sundaram wrote:
>> On 07/15/2010 02:22 PM, Richard W.M. Jones wrote:
>>> On Tue, Jul 13, 2010 at 04:47:40PM +0200, Tomasz Torcz wrote:
>>>
>>>> There are sometimes such obvious errors and missing labels that I
>>>> cannot imagine not catching an audit message when program fails to
>>>> even start!
>>>>
>>> A lot of my Fedora machines are virtualized and I only ever interact
>>> with them by ssh. While I would see a program if it failed to start,
>>> I don't generally see any SELinux audit messages ever. (The bloated
>>> python SELinux audit daemon whatever it's called is usually the first
>>> thing I kill when I install Fedora on my desktop too ...)
>>>
>> Wasn't it rewritten in C recently?
>
> I didn't know that. I'll try the new version when I next do my
> annual desktop upgrade.
>
> Rich.
>
setroubleshoot has been modified to only start on dbus activation,
arrival of an AVC message or client app starting up, service exits 10
seconds after last AVC arrival. Applet that shows the star (Check
engine light) is now C code.
More information about the devel
mailing list