-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Valent Turkovic wrote: > On Feb 9, 2008 6:36 PM, Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> wrote: >> Valent Turkovic wrote: >> >>> Ok, so my system is still protected but I can't see the issues what >>> happen becuase sel troubleshooter service crashes? >>> To be honesti I prefer it this way :) >> You can still see the issues in the logs. SELinux troubleshooter parses >> the AVC denied messages from the logs that are usually cryptic and >> attempts to convert them into a language that end users can more easily >> understand while attempting to also provide suggestions on actions to >> take. If you don't want that, you might as well as just remove the package. >> >> >> Rahul > > I was joking a bit :) I like selinux-troubleshooter features. > > I was thinking of danger googles from Hitchikers guide to galaxy which > in case od danger close their lids so you can't see the danges and are > there for protected from it :) I draw a paralel to sel trobleshooter > crashing :) > > Valent. > grep setroubleshoot /var/log/audit/audit.log The setroubleshooter has nothing to do with SELinux protections. It job is to watch for SELinux errors (avc's in /var/log/audit/audit.log), and then to try to translate them into actions that the user can execute. The problem is if it sees an AVC about itself, it can try to act on it, which might generate an AVC on itself, which it can act on, which might generate and AVC on itself ... So we have it commit suicide when it sees avc's on itself. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkexssgACgkQrlYvE4MpobNrgACgpdr7Bjll9OhfkOLK0IbYdgiK /BcAnj14frbBSAbCeQleBVUuo+s0k497 =Wv0t -----END PGP SIGNATURE----- -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
