Selinux, because it is friday
David Caro
dcaroest at redhat.com
Fri Jun 6 14:24:20 UTC 2014
On Fri 06 Jun 2014 04:06:00 PM CEST, Michael Scherer wrote:
> Hi again,
>
> while looking at servers, I also couldn't help noticing that selinux is
> either disabled or set as permissive on the few servers I looked, one
> even having auditd disabled.
>
> So I did enable auditd with the goal of collecting violation in
> audit.log ( aka AVC ), and I plan to look at them. I already started to
> fix a few violations showing up in the log.
>
> Sometime, this would just be enabling a boolean to configure selinux
> ( ie, enable some specific access ), sometime, it was just wrongly
> labelled file ( on monitoring.ovirt, mostly ).
>
> I do not plan to set selinux in enforcing mode before having check that
> there is no problem for a longer period of time, and of course, not if
> people think it is not wise. I also so far only propose to do that host
> by host, as I guess the jenkins ones may be more complex to limit.
>
> I wil report with what I foud and so we will discuss if we make the
> switch or not.
>
>
> _______________________________________________
> Infra mailing list
> Infra at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/infra
Thanks michael!
--
David Caro
Red Hat S.L.
Continuous Integration Engineer - EMEA ENG Virtualization R&D
Email: dcaro at redhat.com
Web: www.redhat.com
RHT Global #: 82-62605
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ovirt.org/pipermail/infra/attachments/20140606/2c61fea6/attachment.sig>
More information about the Infra
mailing list