Le jeudi 08 août 2013 à 18:01 +0200, Mika Pflüger a écrit : > Hi, > > does anything break, or is it just a spurious AVC denial?
Hi, I didn't look, and as I didn't enable selinux in enforcing mode due to others issues, I do not know if it break irqbalance. Looking closely, there is no call to getsched in the irqbalance source code. And to be honest, I have no idea how I could measure irqbalance effects, given I have a single processor server running debian. I do not think that's a big deal security wise to allow it ( https://lists.fedoraproject.org/pipermail/selinux/2011-July/013978.html ), but I do not know if irqbalance need it to work. Fedora do seems to have a different policy, and do not have the issue. > If no > important functionality of irqbalance is lost, it may not be worth > fixing this in stable, we could just forward a fix upstream and wait > until it trickles back to debian. Well, the less AVC it generate, the better it is for debugging of selinux policy. -- Michael Scherer -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
