Le jeudi 08 août 2013 à 18:01 +0200, Mika Pflüger a écrit :
Hi,
does anything break, or is it just a spurious AVC denial?
Hi,
I didn't look, and as I didn't enable selinux in enforcing mode due to
others issues, I do not know if it break irqbalance. Looking closely,
there is no call to getsched in the irqbalance source code.
And to be honest, I have no idea how I could measure irqbalance effects,
given I have a single processor server running debian.
I do not think that's a big deal security wise to allow it
( https://lists.fedoraproject.org/pipermail/selinux/2011-July/013978.html ),
but I do not know if irqbalance need it to work. Fedora do seems to have a
different policy, and do not have the issue.
If no
important functionality of irqbalance is lost, it may not be worth
fixing this in stable, we could just forward a fix upstream and wait
until it trickles back to debian.
Well, the less AVC it generate, the better it is for debugging of
selinux policy.
--
Michael Scherer
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
