On Thu, 2004-04-08 at 14:46, Alexandre Oliva wrote: > On Apr 7, 2004, Matias Feliciano <feliciano.matias@xxxxxxx> wrote: > > > Le mar 06/04/2004 à 20:59, Jesse Keating a écrit : > >> [...] > >> The option for SELinux should continue to be exposed during the install > >> (and kickstarts), but default to off. > > > +1 > > How would you feel about permissive mode instead of disabled as the > default? I would like to see permissive mode the default, but don't spam /dev/console. Instead log the avc errors to a different local# facility, and capture that information separately from /var/log/messages. A gui log viewer specifically for the selinux.log that could parse the denial messages and propose policy source changes on a per-application basis would be very nice, probably a pipe dream short term though. -- Chris Kloiber, RHCX Red Hat, Inc.
