--- On Sat, 9/12/09, Eric Paris <eparis@xxxxxxxxxx> wrote:
> From: Eric Paris <eparis@xxxxxxxxxx>
> Subject: Re: too many sealerts, most have been reported, and still see denials
> To: "Antonio Olivares" <olivares14031@xxxxxxxxx>
> Cc: "Justin P. Mattock" <justinmattock@xxxxxxxxx>, fedora-selinux-list@xxxxxxxxxx
> Date: Saturday, September 12, 2009, 4:07 PM
> On Sat, 2009-09-12 at 13:55 -0700,
> Antonio Olivares wrote:
> > > Not exactly sure whats happening. keep in mind
> > > if your using a development versions of fedora,
> > > then you will run into issues.(if your on stable
> then
> > > you should be fine).
> > >
> > I knew that ahead of time, but it did not seem to be
> this troublesome this time with Fedora 12. I have been
> testing since Fedora 5 Test 2 release and have not
> encountered as many denials as I have in this Fedora 12
> testing phase. Guess many don't complain because they
> run selinux disabled selinux=0, or enforcing=0 so they don't
> care to report the issues?
>
> No, the vast majority of the 'denials' aren't actually
> denials. Dan
> removed all unconfined domains and replaced them with
> permissive
> domains. An unconfined domain allows everything and
> audits nothing. A
> permissive domain allows everything but audits every time
> there is no
> allow rule for a given request.
>
> This has helped to define the actual needs of many of the
> unconfined
> domains. And hopefully we can remove them entirely in
> the future.
> Please keep filing bugs.
>
Thanks for encouraging me to keep filing bugs. I will continue running it and report errors whenever I can. I hope that the bug reporter works, because it breaks once in a while :(
>
> It's no surprise you are getting more messages, but it
> shouldn't be
> really different than in previous development for the
> number of problems
> it actually causes.
>
> -Eric
>
>
Regards,
Antonio
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
