Miloslav Trmač

I have been working on a GUI tool for simple viewing, searching and summarizing of Linux audit logs.

The first release is now available at fedorahosted.org. Test it, break it, tell me what you miss!

mlocate is now hosted at fedoraproject.org as well.

This makes an upstream bug tracker and a public Mercurial repository available. Hopefully it will be possible to submit mlocate translations using Transifex at translate.fedoraproject.org in a few days.

libuser, tmpwatch and usermode were previously only published as SRPMS in rawhide, with a somewhat-public CVS at elvis.redhat.com.

Thanks to the cool Fedora administrators, all three packages now have a proper upstream home at fedorahosted.org:

• libuser
• tmpwatch
• usermode

While I was testing Fedora’s development tree, preparing for Fedora 8, I have experimented a bit with KDE. Like 6 months before, I liked what I saw: a lot of not extremely important, but very convenient features (like a clock that can show time in multiple time zones, audio player with global keyboard shortcuts, a calendar that has sane defaults and scrolling behavior—unlike Evolution). Most of the applications have overwhelming option dialogs, but I’m sure the time investment would have paid of.

On the other hand—again, like 6 months ago—the applications I use most crashed several times within a single evening. Sigh.

A new SELinux feature which makes local SELinux policy adjustments much easier was not easy to notice among all the complaints that SELinux is hard to use.

The audit2allow tool should be well-known by now: given a snippet of the audit log, it outputs policy rules to allow all operations that are are currently prohibited. The user is expected to add the rules to the (large) policy, recompile the policy and load it. Finding the “right” place in the policy is not always obvious, though, and a future update of the selinux-policy package might overwrite the modifications.

Now there is an alternative, very convenient especially when trying to extend the policy to handle a new daemon: Run

audit2allow -M modulename -i auditlogfile

This will create a binary loadable module modulename.pp that can be quickly loaded by

semodule -i modulename.pp

or unloaded using

semodule -r modulename

The audit2allow command also creates modulename.te, a plain-text representation of the module, which can be edited and compiled to create a changed binary loadable module, or used as a basis for patches to the default SELinux policy.

David, while the documentation for translators is not great, the Translation Project pages contain enough to get you started, and people on fedora-trans-list usually respond quite quickly.

Besides the official status pages there are also my pages, where you can download the latest .po files.

Include Mono or not, somebody will always want the opposite.

If you don’t feel strongly about binary-only modules because “nobody gets hurt”, Arjan’s Linux in a binary world… a doomsday scenario might persuade you to change your mind.