Juan Antonio Osorio
> There's no specific documentation available for recording Selinux profiles when I am trying to check if selinux is enabled using sudo sestatus SELinux status: disabled not sure if any...
@pradeepjairamani this looks like an issue in Amazon Linux:
```
type=AVC msg=audit(1662453321.187:16): avc: denied { search } for pid=2742 comm="rngd" name="pki" dev="nvme0n1p1" ino=2118127 scontext=system_u:system_r:rngd_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1662453322.111:19): avc:...
```
I think the relevant configuration would have been in `/etc/selinux/config`
@pradeepjairamani I don't have much experience with Amazon Linux 2 nor do I use it 😕 ... So I'm not quite sure how things should be configured there.
@saschagrunert I like the idea of measuring and basing the value on that.
@saschagrunert @jhrozek @pjbgf ideas for this are welcome
@saschagrunert do you have a reference of how you did the ones that are currently in the repo?
/reopen /remove-lifecycle rotten
Is there a proposal for this feature that describes the overall flow better? I'd like to know the plan for cert rotation which tends to be an issue
> > Is there a proposal for this feature that describes the overall flow better? I'd like to know the plan for cert rotation which tends to be an issue...