Re: Experiences with selinux enabled targetted on Fedora Core 3


On 4/20/05, Russell Coker <russell@xxxxxxxxxxxx> wrote:
> On Tuesday 19 April 2005 23:07, "Christofer C. Bell"
> <christofer.c.bell@xxxxxxxxx> wrote:
> > On 4/18/05, Russell Coker <russell@xxxxxxxxxxxx> wrote:
> > > On Tuesday 19 April 2005 12:25, Valdis.Kletnieks@xxxxxx wrote:
> > > > Personally, I'm not thrilled by the idea of sticking in dontaudit rules
> > > > to quiet complaints at boot time that are caused by directories that
> > > > are mislabelled.
> > >
> > > Why not?
> >
> > I can't speak for Valdis, but for me the word "kludge" comes to mind.
> 
> It's not a kludge.  The purpose of dontaudit rules is to prevent auditing of
> operations that are not permitted, not interesting, and expected to happen.
> This is exactly the situation.

You say that dontaudit rules are to cover the following circumstances:

1. Not permitted.
2. Not interesting.
3. Expected to happen.

That's not what's going on here and using dontaudit is a kludge.  The
OP is stating that *mount points* for /usr, /usr/local, and
/usr/share are generating complaints because they're not properly
labeled prior to being mounted.  These are the directories themselves
and not directories that are hidden by the mount.  This is
"interesting" and "not expected to happen," failing points 2 and 3.

Regardless of whether the fix can be automated or not, telling the system to
"just ignore it" is inappropriate IMO.

-- 
Chris

() ASCII Ribbon Campaign!
/\ Say NO to HTML in Mail and News!

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
