Selinux in development releases
Michael Cronenworth
mike at cchtml.com
Mon Sep 24 21:39:13 UTC 2012
"Jóhann B. Guðmundsson" wrote:
> This bug is filed against RHEL in any case just have it in permissive
> mode up to beta should suffice and prevent any RC_N surprises
Jóhann, I didn't blindly post the first bug I found.
I ran into this bug on a Fedora system, which is the only reason I knew
about it in the first place.
If you read the bug comments you will find:
* With Enforcing: No AVC messages were output, but dirsrv-admin
could not be started
* With Permissive: No AVC messages where output, but
dirsrv-admin started
If you default to Permissive then you *will* miss possible policy bugs.
Some of these are hidden in "dontaudit" messages such as the bug I linked.
>
> It would be good to get feed back from Dan what's his taken on this
Good. I know I'm Mr. Nobody here, but his answer would be definitive.
More information about the test
mailing list