• 1
I'd like to see SELinux actually _log_ messages somewhere between the actual AVC message and your long-verbose-version. (It should of course still log the cryptic "real" message, but at the "debug" syslog level.)

I strongly beleive that at this stage, SELinux needs better sysadmin buyin to succeed, and while we've got a thick skin for arcane messages, SELinux is too much all at once.

(And I still stand by my earlier suggestion of getting rid of "_u", "_r", and "_t"....)

  • 1

