Re: Selinux in development releases

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> From: "Jóhann B. Guðmundsson" <johannbg@xxxxxxxxx>
> To: test@xxxxxxxxxxxxxxxxxxxxxxx
> Date: 09/24/2012 16:25
> Subject: Re: Selinux in development releases
> Sent by: test-bounces@xxxxxxxxxxxxxxxxxxxxxxx
>
> On 09/24/2012 08:16 PM, drago01 wrote:
> > On Mon, Sep 24, 2012 at 10:13 PM, "Jóhann B. Guðmundsson"
> > <johannbg@xxxxxxxxx> wrote:
> >> I hereby propose that we default selinux to permissive mode up to final
> >> which should just get rid of unneeded nuance during testing.
> > -1
> >
> > This would just mean we test something different then we actually
> > ship. If there are selinux bugs they are supposed to be cough during
> > testing and reported like any other bugs.
>
> With permissive mode we should still be able to catch all those errors
> and report them without all the downside that comes with having it in
> enforcing mode during our development releases...


Not true from what I've witnessed.  There are certain rules that indeed block some action, but do not get logged.  I've encountered several over the years and was only able to detect these by toggling enforcing/permissive.  I do wish there was some master switch to temporarily enable logging for them.

I concur that Dan is superhuman in his response times.

--
John Florian

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux