[DSE-Dev] Bug#707243: Does anything break?
Michael Scherer
misc at zarb.org
Sat Aug 10 19:21:45 UTC 2013
Le jeudi 08 août 2013 à 18:01 +0200, Mika Pflüger a écrit :
> Hi,
>
> does anything break, or is it just a spurious AVC denial?
Hi,
I didn't look, and as I didn't enable selinux in enforcing mode due to
others issues, I do not know if it break irqbalance. Looking closely,
there is no call to getsched in the irqbalance source code.
And to be honest, I have no idea how I could measure irqbalance effects,
given I have a single processor server running debian.
I do not think that's a big deal security wise to allow it
( https://lists.fedoraproject.org/pipermail/selinux/2011-July/013978.html ), but I do not know if irqbalance need it to work. Fedora do seems to have a different policy, and do not have the issue.
> If no
> important functionality of irqbalance is lost, it may not be worth
> fixing this in stable, we could just forward a fix upstream and wait
> until it trickles back to debian.
Well, the less AVC it generate, the better it is for debugging of
selinux policy.
--
Michael Scherer
More information about the SELinux-devel
mailing list