Re: rhgb no more

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2008-05-15 at 08:24 -0400, Steve Grubb wrote:
> On Tuesday 13 May 2008 13:07:51 Ray Strode wrote:
> > The replacement for rhgb will be a mixture of two things:
> >
> > 1) Starting gdm as early as possible and fitting it to give boot
> > progress before asking for login.
> 
> Please note that the audit daemon needs to start before any daemon if you want 
> it to work right. There's a couple reasons, one being that it enables the 
> audit system and without that, any process running before the audit daemon is 
> not auditable - ever. The work around is to add audit=1 to grub.conf, but 
> then you get a performance hit for everyone.
> 
> The second reason is that any audit event that occurs before the audit daemon 
> runs could be lost. There may be AVCs on boot that you want or something else 
> important that you wanted to capture.
> 
> I guess the message is without coordination, some of our security features may 
> not be working right unless consideration is given to their needs.

It certainly doesn't help if these security features are 'special' in
these little ways that then to easily break them.

Isn't there something we can do to fix this ? Either make the audit
system cope with userspace parts coming later, or if starting auditd
first is really a hard requirement, implement that in a way that doesn't
require mailing list reminders ?

Matthias


-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux