Kent Fredric wrote, On 10/03/14 12:14: > > On 10 March 2014 11:41, C. Falconer <[email protected] > <mailto:[email protected]>> wrote: > > Drop a message in the log file, if nothing else. > > > I would imagine if you logged everywhere read access failed due to > security, you'd have a log file so deep you would quickly run out of > diskspace. > > Ever done strace on your average binary? Loads lots of paths that > don't exist,or are unreadable, and they are by design treated the same. > > If you had a log for every stat() == ENOACCESS , that log would border > on being unusable. > > Good point, but that leads back to the original point of turning off selinux because its a PITA.
Why do so many people loathe IPSEC? Because, by design it doesn't tell you what is wrong, therefore being more secure and preventing the leak of configuration information. Similar situation with selinux. -- CF
_______________________________________________ Linux-users mailing list [email protected] http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
