Linus Walleij wrote:
Here's a spinoff relating to selinux from discussions around
system-config-services and its UI. selinux seem to involve the following
services/daemons:
auditd
mcstrans
restorecond
setroubleshoot
If I use system-config-selinux or anaconda to disable SELinux
altogether, then none of these are disabled accordingly. The only case
seems to be that auditd is turn on if I disable them all manually and
then enable SELinux.
Is this a bug or is there something I don't get here?
auditd is the general auditing facility, SELinux messages are just one
of the possible auditing messages. You wouldn't want to disable auditing
just because SELinux was disabled, that would disable all auditing.
setroubleshootd is a diagnostic tool. If SELinux is completely disabled
the daemon exits if started.
Your expectation seems to be that if you disable SELinux it will
chkconfig off certain daemons. There is a distinction between having a
daemon started (e.g. chkconfig on) and whether it continues to run once
started. Allowing the daemon to decide if it should run or exit is more
robust than some utility which thinks it knows if something should be
chkconfig'ed on or not because it will almost certainly get that answer
wrong.
--
John Dennis <jdennis@xxxxxxxxxx>
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
