Re: [gentoo-hardened] SELinux policy rules principles?

2011-01-19 Thread Sven Vermeulen
On Sun, Jan 16, 2011 at 11:06:47AM -0600, Chris Richards wrote:
> My general feeling is that the system should operate FROM THE USER
> PERSPECTIVE the way it always does, i.e. the existence of SELinux should
> be relatively transparent to the user and/or administrator, at least to
> the extent t

Re: [gentoo-hardened] SELinux policy rules principles?

2011-01-19 Thread Sven Vermeulen
On Sun, Jan 16, 2011 at 08:22:03PM +0100, David Sommerseth wrote:
> Why not have a look at what Fedora and RHEL/CentOS do in that regard?
> They've probably already been through a lot of these decisions as well, and
> were probably also one of the earlier adopters.
Well, most of these distrib

Re: [gentoo-hardened] SELinux policy rules principles?

2011-01-19 Thread Chris Richards
On 01/19/2011 01:39 PM, Sven Vermeulen wrote:
> So you want the application to function properly and that the logs have no
> "cosmetic" AVC denials (fine - fully agree here). One thing that I can't
> gather from this is - do you want to dontaudit the AVC denials which
> apparently have no impact on fu

Re: [gentoo-hardened] SELinux policy rules principles?

2011-01-19 Thread Sven Vermeulen
On Wed, Jan 19, 2011 at 02:05:39PM -0600, Chris Richards wrote:
> As I mentioned previously, my concern with having harmless AVCs in the
> log is that we create a situation where the System Admin gets so used to
> seeing all of these AVCs that he gets in the habit of ignoring them.
> Being in t

Re: [gentoo-hardened] SELinux policy rules principles?

2011-01-19 Thread Chris Richards
On 01/19/2011 02:25 PM, Sven Vermeulen wrote:
> On Wed, Jan 19, 2011 at 02:05:39PM -0600, Chris Richards wrote:
> > As I mentioned previously, my concern with having harmless AVCs in the
> > log is that we create a situation where the System Admin gets so used to
> > seeing all of these AVCs that he gets in t
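As an added illustration of the choice Sven's question puts to Chris (allow the access, or dontaudit it so the log stays quiet without widening the domain), here is a minimal loadable policy module in the format audit2allow emits. It is an example added to this archive page, not a module from the thread or from the Gentoo hardened policy; the denial it silences (httpd_t searching /root, type admin_home_t) is a constructed stand-in for a "cosmetic" AVC, not one anyone reported on this list.

```selinux
# Added example, not from the thread: a stand-alone loadable module in
# checkmodule/semodule_package format. The access it deals with is a
# constructed placeholder for a harmless denial.
module quiet_httpd_home 1.0;

require {
    type httpd_t;
    type admin_home_t;
    class dir search;
}

# Option 1: grant the access. The AVC disappears because the operation now
# succeeds, at the price of a wider domain than the application needs.
# allow httpd_t admin_home_t:dir search;

# Option 2: keep denying, stop logging. httpd_t still cannot search /root,
# but the denial is no longer written to audit.log, so the admin is not
# trained to skim past it (Chris's concern above).
dontaudit httpd_t admin_home_t:dir search;
```

Build and load it with `checkmodule -M -m -o quiet_httpd_home.mod quiet_httpd_home.te`, then `semodule_package -o quiet_httpd_home.pp -m quiet_httpd_home.mod` and `semodule -i quiet_httpd_home.pp`. The caveat a dontaudit carries is that the denial is hidden even on the day it stops being harmless: when an application misbehaves and the log shows nothing, rebuild with `semodule -DB` so every dontaudit rule is disabled and the suppressed AVCs reappear, and restore them with `semodule -B` once done. `audit2allow -D` generates dontaudit rules instead of allow rules from the same audit log input.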