Michael Wiktowy wrote:
On Jan 4, 2008 6:54 PM, Jonathan Underwood <jonathan.underwood@xxxxxxxxx> wrote:
That could be the case. Perhaps there's something that could be added
to Smolt to allow the history of avc denials to be uploaded as part of
the profile - that would allow some really interesting analysis.
That is a great idea!
Even just something that indicates the proportion of people using
enforcing/permissive/disabled. That would be useful to either support
or refute the periodic SELinux rant threads based on people's personal
usage patterns and seem to take on a life of their own and inevitably
lead to statistics being pulled out of thin air.
For what it's worth setroubleshoot was designed to allow sending it's
analysis to a central server to coalesce all the reports to get a global
view (and to allow notifications to be sent back to the reporter when
their issue was fixed if it was a bug). This was never fully implemented
for the following reasons:
* audit data is security sensitive, transmitting it to a central server
raises a host of issues.
* we needed a host to run the server on, at the time none existed
(fedoraproject might be a viable option today).
* no one thought it was important.
The code in setroubleshoot still has all the logic built into it to
support central aggregation, as it has from day one. But we would have
to build the central server and solve the security issues. But this
would occur if and only if there was a consensus this was important and
volunteers stepped forward to perform the work.
--
John Dennis <jdennis@xxxxxxxxxx>
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
