Re: too many sealerts, most have been reported, and still see denials

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




--- On Sat, 9/12/09, Eric Paris <eparis@xxxxxxxxxx> wrote:

> From: Eric Paris <eparis@xxxxxxxxxx>
> Subject: Re: too many sealerts, most have been reported, and still see denials
> To: "Antonio Olivares" <olivares14031@xxxxxxxxx>
> Cc: "Justin P. Mattock" <justinmattock@xxxxxxxxx>, fedora-selinux-list@xxxxxxxxxx
> Date: Saturday, September 12, 2009, 4:07 PM
> On Sat, 2009-09-12 at 13:55 -0700,
> Antonio Olivares wrote:
> > > Not exactly sure whats happening. keep in mind
> > > if your using a development versions of fedora,
> > > then you will run into issues.(if your on stable
> then
> > > you should be fine).
> > >
> > I knew that ahead of time, but it did not seem to be
> this troublesome this time with Fedora 12.  I have been
> testing since Fedora 5 Test 2 release and have not
> encountered as many denials as I have in this Fedora 12
> testing phase.  Guess many don't complain because they
> run selinux disabled selinux=0, or enforcing=0 so they don't
> care to report the issues?  
> 
> No, the vast majority of the 'denials' aren't actually
> denials.  Dan
> removed all unconfined domains and replaced them with
> permissive
> domains.  An unconfined domain allows everything and
> audits nothing.  A
> permissive domain allows everything but audits every time
> there is no
> allow rule for a given request.
> 
> This has helped to define the actual needs of many of the
> unconfined
> domains.  And hopefully we can remove them entirely in
> the future.
> Please keep filing bugs.
>
Thanks for encouraging me to keep filing bugs.  I will continue running it and report errors whenever I can.  I hope that the bug reporter works, because it breaks once in a while :(  
> 
> It's no surprise you are getting more messages, but it
> shouldn't be
> really different than in previous development for the
> number of problems
> it actually causes.
> 
> -Eric
> 
> 
Regards,

Antonio 


      

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux