Re: SELinux and access across 'similar types'




On Saturday, January 07, 2012 11:15:35 AM Bennett Haselton wrote:
> Hence the idea for having SELinux send messages to the terminal saying 
> "SELinux blocked such-and-such".  There's probably some better way.

Huh?

CentOS has done this by default since CentOS 4.  At least I see SELinux-generated 'denied' AVCs on a couple of internal C4 machines where I'm running SELinux in permissive mode and I see the denials on a text console.  All my CentOS 5 boxes have SELinux on and enforcing, but I haven't seen any avc denials in the logs or on the console, nor have I done anything 'weird' on those boxes....

The graphical GNOME installation pops up a tooltip-style balloon when SELinux denials are found, at least with CentOS 6.  Haven't tried with C5.

Now, nowhere in the logged message does it say 'SELinux' but a google for the text found in such an avc denial log entry brings up what you need to know.  Here's an example:

audit(1325941406.515:467): avc:  denied  { write } for  pid=6609 comm="postmaster" name="1262" dev=dm-0 ino=2016007 scontext=root:system_r:postgresql_t tcontext=user_u:object_r:var_t tclass=file

(I know how to fix it, I just haven't).  This by default comes to the /dev/console device along with being logged in dmesg and elsewhere.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
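
Added example, not part of the original message or of any CentOS tool: a small Python parser for the AVC line quoted above. It splits out the permission, the process and the source/target types, and prints a summary that names SELinux explicitly. The function names are hypothetical; the sample line is the one from the message.

```python
import re
from datetime import datetime, timezone

# The denial line quoted in the message above (copied verbatim).
SAMPLE = ('audit(1325941406.515:467): avc:  denied  { write } for  pid=6609 '
          'comm="postmaster" name="1262" dev=dm-0 ino=2016007 '
          'scontext=root:system_r:postgresql_t tcontext=user_u:object_r:var_t tclass=file')

AVC_RE = re.compile(
    r'audit\((?P<epoch>\d+)\.(?P<ms>\d+):(?P<serial>\d+)\):\s+avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Split user:role:type[:level]; an MLS level may itself contain colons."""
    user, role, setype, *level = ctx.split(':', 3)
    return {'user': user, 'role': role, 'type': setype,
            'level': level[0] if level else None}

def parse_avc(line):
    """Return a dict describing one AVC message, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec = {
        'time': datetime.fromtimestamp(int(m.group('epoch')), tz=timezone.utc),
        'serial': int(m.group('serial')),
        'result': m.group('result'),
        'perms': m.group('perms').split(),
        'fields': fields,
    }
    for key in ('scontext', 'tcontext'):
        if key in fields:
            rec[key] = split_context(fields[key])
    return rec

def summarize(rec):
    """One-line, human-readable form that names SELinux explicitly."""
    s, t, f = rec['scontext'], rec['tcontext'], rec['fields']
    return (f"SELinux {rec['result']} {','.join(rec['perms'])} on {f.get('tclass', '?')} "
            f"{f.get('name', '?')}: process {f.get('comm', '?')} (pid {f.get('pid', '?')}, "
            f"type {s['type']}) -> target type {t['type']}")

if __name__ == '__main__':
    print(summarize(parse_avc(SAMPLE)))
```

The third colon-separated field of scontext and tcontext is the type; the denial here is a postgresql_t process writing to a file labelled with the generic var_t type.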

