On Fri, 2008-01-04 at 12:32 +0100, Linus Walleij wrote:
> Eric and others, please be patient with me now, because I'm trying to
> understand our implicit rationale surrounding the selinux services here,
> I'm not ranting. I might very well be uneducated and stupid, but sometimes
> (as has been said before) it is useful to take the perspective of a
> newcomer to a certain system (or in my case subsystem) and try to
> understand why this user has problems with it.

Rant away, I've heard enough SELinux rants over the years *smile* I just
hope that every rant I hear from now on comes from someone who tried
SELinux on F8!

>
> On Thu, 3 Jan 2008, Eric Paris wrote:
>
> > selinux uses auditd but they are not at all closely coupled. selinux
> > will function fine without auditd and auditd provides all of its
> > capabilities without selinux. There is no reason these 2 should be
> > coupled together.
>
> I get it. (Did some homework reading up on auditd here.)
>
> So every Fedora user must have these (right?):
> root 2219 0.0 0.0 12288 684 ? S<sl 10:14 0:00 auditd
> root 2221 0.0 0.0 12200 708 ? S<sl 10:14 0:00 /sbin/audispd
>
> What else, besides selinux, is using auditd in Fedora right now or in the
> immediate future? (Since we're a distribution we don't count theoretical
> use cases I hope...)
>
> bash-3.2$ repoquery --whatrequires `repoquery --provides audit`
> setroubleshoot-server-0:2.0.0-3.fc9.noarch
> audispd-plugins-0:1.6.4-3.fc9.i386
> seedit-0:2.2.0-1.fc9.i386
> amtu-0:1.0.6-1.fc9.i386
> audit-0:1.6.4-3.fc9.i386
>

You didn't talk about 'audit'.

The audit subsystem is a freestanding subsystem with lots of
capabilities and functionality of its own. By default, without any of
those packages installed, audit is still going to get messages like user
login, segfaulting programs, changes of NICs to promiscuous, and other
information.
Audit can be used free standing to audit events on your system, see man
auditctl.

There is no reason that a user cannot turn auditd off themselves (kernel
just reroutes the messages to syslog rather than audit log) but audit
still functions and serves a purpose all by itself.

My opinion, if you disable SELinux in the installer (or s-c-selinux) it
should disable those other programs you mentioned if those programs are
not smart enough to not run on their own. (Sounds like setroubleshoot
and I'm going to guess sealert already are smart enough and
anaconda/s-c-* shouldn't bother them...)

-Eric
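
Added example, not part of the original message or of the audit project's code: a small Python tally that splits audit log records into SELinux-originated types and everything else, to show the non-SELinux records (logins, abnormal terminations, promiscuous-mode changes) the message describes. The log lines are constructed samples in the usual `type=... msg=audit(time:serial):` layout, and the function and variable names are assumptions made for this illustration.

```python
import re
from collections import Counter

# Record types written by SELinux (kernel AVC, userspace object managers,
# policy load / enforcing-mode changes). Everything else is plain audit.
SELINUX_TYPES = {"AVC", "USER_AVC", "SELINUX_ERR", "MAC_POLICY_LOAD", "MAC_STATUS"}

# Header shared by audit records: type=NAME msg=audit(EPOCH.MS:SERIAL):
HEADER = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):"
)

# Constructed sample lines (not taken from a real system). The last line is
# deliberately truncated to exercise the malformed-record path.
SAMPLE_LOG = """\
type=USER_LOGIN msg=audit(1199445120.123:45): user pid=2301 uid=0 auid=500 msg='acct="demo": exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=success)'
type=ANOM_ABEND msg=audit(1199445200.456:46): auid=500 uid=500 gid=500 pid=2450 comm="demo" sig=11
type=ANOM_PROMISCUOUS msg=audit(1199445300.789:47): dev=eth0 prom=256 old_prom=0 auid=500
type=AVC msg=audit(1199445400.012:48): avc:  denied  { read } for  pid=2500 comm="demo" name="example.txt" tclass=file
type=AVC msg=audit(1199445401.500:49): avc:  denied  { write } for  pid=2500 comm="demo" name="example.txt" tclass=file
type=USER_LOGIN msg=audit(1199445
"""


def split_by_origin(log_text):
    """Return (selinux_counts, other_counts, skipped) for an audit log."""
    selinux, other = Counter(), Counter()
    skipped = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = HEADER.match(line)
        if match is None:
            skipped += 1  # truncated or non-audit line; count it, don't guess
            continue
        bucket = selinux if match["type"] in SELINUX_TYPES else other
        bucket[match["type"]] += 1
    return selinux, other, skipped


if __name__ == "__main__":
    selinux, other, skipped = split_by_origin(SAMPLE_LOG)
    print("SELinux records:", dict(selinux))
    print("Other audit records:", dict(other))
    print("Unparsed lines:", skipped)
```
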