On Fri 06 Jun 2014 04:06:00 PM CEST, Michael Scherer wrote: > Hi again, > > while looking at servers, I also couldn't help noticing that selinux is > either disabled or set as permissive on the few servers I looked, one > even having auditd disabled. > > So I did enable auditd with the goal of collecting violation in > audit.log ( aka AVC ), and I plan to look at them. I already started to > fix a few violations showing up in the log. > > Sometime, this would just be enabling a boolean to configure selinux > ( ie, enable some specific access ), sometime, it was just wrongly > labelled file ( on monitoring.ovirt, mostly ). > > I do not plan to set selinux in enforcing mode before having check that > there is no problem for a longer period of time, and of course, not if > people think it is not wise. I also so far only propose to do that host > by host, as I guess the jenkins ones may be more complex to limit. > > I wil report with what I foud and so we will discuss if we make the > switch or not. > > > _______________________________________________ > Infra mailing list > Infra@ovirt.org > http://lists.ovirt.org/mailman/listinfo/infra
Thanks michael! -- David Caro Red Hat S.L. Continuous Integration Engineer - EMEA ENG Virtualization R&D Email: dc...@redhat.com Web: www.redhat.com RHT Global #: 82-62605
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
