On 10/09/2020 09:44, Richard Hughes wrote:
> On Tue, 8 Sep 2020 at 16:29, Ben Cotton <bcot...@redhat.com> wrote:
>> NOTE: Runtime disable is considered deprecated by upstream, and using
>> it will become increasingly painful (e.g. sleeping/blocking) through
>> future kernel releases until eventually it is removed completely.
>
> Speaking from personal experience, I've wasted days over the last
> decade trying to debug a locally installed system service that was not
> working where there were no messages in any of the logs (e.g. no AVCs)
> -- and turning off selinux at runtime magically fixed the problem.

Some selinux rules are marked to not generate AVCs...

> Whilst I'm of course in favour of fixing the lockdown issue, would it
> also be fair to say that any selinux regression not triggering an AVC
> (which is fixed using selinux=0) would block this kind of proposal?

Did "setenforce 0" also fix it?

Tom

--
Tom Hughes (t...@compton.nu)
http://compton.nu/