Re: question about audit _by default_ in Fedora cloud images

On 6/17/14, 8:04, Matthew Miller wrote:
> I was looking at https://fedorahosted.org/fesco/ticket/1311, and
> it occurred to me that we don't ship the selinux troubleshooting
> tools by default in the minimal cloud image (add 'em if you need
> them). We do leave _audit_ there.
> 
> What do people think about removing it? (As noted in the ticket, 
> it's mostly useful with configuration, not in the default state.)

If a user could still get their AVC denials logged without full
syscall auditing, then I support the change.  From what I understand,
you can disable syscall auditing without losing your AVC messages.

Anyone who needs to run complicated audit rules (perhaps some from CIS
or OpenSCAP) will probably customize the image a fair amount before
running it in production anyway.

--
Major Hayden
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security




