Re: Selinux, because it is friday
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--J4C6qpiwNtupr3TkrEwmdDcj1KFnlcWTG
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On Fri 06 Jun 2014 04:06:00 PM CEST, Michael Scherer wrote:
Hi again,
while looking at servers, I also couldn't help noticing that selinux is=
either disabled or set as permissive on the few servers I looked,
one
even having auditd disabled.
So I did enable auditd with the goal of collecting violation in
audit.log ( aka AVC ), and I plan to look at them. I already started to=
fix a few violations showing up in the log.
Sometime, this would just be enabling a boolean to configure selinux
( ie, enable some specific access ), sometime, it was just wrongly
labelled file ( on monitoring.ovirt, mostly ).
I do not plan to set selinux in enforcing mode before having check that=
there is no problem for a longer period of time, and of course, not
if
people think it is not wise. I also so far only propose to do that host=
by host, as I guess the jenkins ones may be more complex to limit.
I wil report with what I foud and so we will discuss if we make the
switch or not.
_______________________________________________
Infra mailing list
Infra(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/infra
Thanks michael!
--
David Caro
Red Hat S.L.
Continuous Integration Engineer - EMEA ENG Virtualization R&D
Email: dcaro(a)redhat.com
Web: www.redhat.com
RHT Global #: 82-62605
--J4C6qpiwNtupr3TkrEwmdDcj1KFnlcWTG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJTkc8UAAoJEEBxx+HSYmnDvtQH/iPS7EuzQMuZNsC2zZ5ATST/
R3MafpkVTD8p3M0dM89cmFHLbCplf2DduP0I1d8J7B+5yUJbnxPqbCME6zejfOOn
JqQMRhWNWTXUpHvqRLDxglQByu2MXaB+7DpKAm0CRSWsFMmgwOyxmhJF55rVCfjS
VfcanK0gdKyGQckd2U+0Bxfwy6d9pD2Vy3gPlP5P8MxXf+TMj8kXpqu9YJ4KtjJx
fbBGP1YmJGZ2iQCoipHencMVJwUGiY+lLCh2MixL81dxFRN49TkGYldCMfCaQNiR
1PdCxbJ7PHuk3Zdm+pnMWzfJQuIp06cjc/chBjN7EDH5hcndopezK1LhwzSc5XI=
=uarV
-----END PGP SIGNATURE-----
--J4C6qpiwNtupr3TkrEwmdDcj1KFnlcWTG--
Attachments:
- attachment.bin (multipart/signed — 2.2 KB)