On Mon, 2008-02-18 at 23:45 -0500, Yaakov Nemoy wrote: > On Feb 18, 2008 11:25 PM, James Morris <jmorris@xxxxxxxxx> wrote: > > It seems that the SELinux enablement stats are now online -- thanks! > > > > I have a question about what the numbers mean. The current values are: > > > > SELinux Enabled > > False 185085 53.3 % > > True 162262 46.7 % > > > > for 347347 registered hosts. > > > > Now, the "OS" column include several distros and versions, including FC5, > > Centos5 through to current rawhide, with the same number of total hosts. > > > > As the SELinux figures have only been collected since F8, does this mean > > that we should calculate "total SELinux enabled" only for: > > > > OS Hosts > > F8 130282 > > F7.x (rawhide) 5517 > > F8.x (rawhide) 920 > > ---------------------------- > > 136719 (actually providing SELinux stats) > > ---------------------------- > > > > where the percentage enabled is actually thus at least 74% ? > > We probably need more detailed reporting for this sort of thing. I'll > put it on a TODO, for after FOSDEM. I wanted to get this draft out, > so we can decide what reporting we need on a more evolutionary basis. > (Or by intelligent design if you hold by that sort of thing.) > > (Don't worry, I made myself promise myself that I wouldn't pick up new > project ideas this time around. I'll hopefully be able to take care > of this fairly quickly.) Hi, Any progress on this? At the least, it would be nice if the smolt selinux stats page only reported enabled/disabled information for Fedora 8 and later where it was actually being collected correctly (I wouldn't use anything prior, since Fedora 8 test2 had a bug in its reporting and Fedora 7 and earlier had no reporting for it, IIUC). Otherwise, the selinux stats page is essentially useless in its current form. Also, I don't understand the SELinux Enforce section of the page - there seems to be a mixture of policy type (e.g. targeted, seedit, strict) and enforcing status (enforcing, permissive) there, which then overlaps with the SELinux policy section. Possibly by omitting everything prior to Fedora 8 release would clear that up too since the precise information being reported changed. -- Stephen Smalley National Security Agency -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
