-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/11/2013 03:28 PM, Michael Hennebry wrote:
> On Tue, 11 Jun 2013, Daniel J Walsh wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> On 06/10/2013 03:31 PM, Michael Hennebry wrote:
>>> On Mon, 10 Jun 2013, m.roth@xxxxxxxxx wrote:
>>>
>>>> Michael Hennebry wrote:
>>>>> On Mon, 10 Jun 2013, Michael Hennebry wrote:
>>>>>> On Mon, 10 Jun 2013, m.roth@xxxxxxxxx wrote:
>>>>>>> Michael Hennebry wrote:
>>>>>>>> On Mon, 10 Jun 2013, m.roth@xxxxxxxxx wrote:
>>>>>>>>> Frank Cox wrote:
>>>>>>>>>> On Mon, 10 Jun 2013 12:15:15 -0500 (CDT) Michael
>>>>>>>>>> Hennebry wrote:
>>>> <snip>
>>>>
>>>>>>>>> And I trust the filesystem isn't full? Or is selinux
>>>>>>>>> enforcing?
>>>>>>>>
>>>>>>>> The filesystem is not full the workaround works. selinux is
>>>>>>>> set for enforcing. [hennebry@96-18-56-186 t2]$ ls -Zd /tmp
>>>>>>>> drwxrwxrwt. root root system_u:object_r:tmp_t:s0 /tmp
>>>>>>>>
>>>>>>>> I had no trouble making the absent directory.
>>>>>>>
>>>>>>> Ahhhh... were there any selinux AVCs from when you tried to
>>>>>>> save before?
>>>> <snip>
>>>>> [root@96-18-56-186 ~]# grep AVC /var/log/audit/audit.log
>>>>> [root@96-18-56-186 ~]# grep type= /var/log/audit/audit.log | wc
>>>>> 3571 52375 814962
>>>>
>>>> ARGH!!! 3571 AVC's.... You need to find out what they're telling
>>>> you, and
>>>
>>> No AVC's at all. The first grep came up empty. I just put in type= to
>>> demonstrate that I was getting selinux messages.
>>>
>>>> fix that, a combination of setsebool, semanage -P
>>>> <whatever>/restorecon -v <whatever>, and/or grep -i avc | tail 100 |
>>>> audit2allow to show you what it would do, and check the manpage for
>>>> audit2allow to get the flags right to create a module that you can
>>>> then load, as per the examples in the manpage.
>
>> There are lots of messages in the audit.log that are not related to
>> SELinux error messages that have type=.
>>
>>
>> ausearch -m avc,user_avc
>>
>> WIll show you all AVC messages.
>
> From ausearch, I have AVC messages now, but they are all from May or from
> after I posted about evince.
>
> I do not understand why I did not find the May ones with grep. grep still
> only gives me 7, the ones from June, and does ont give me times, even when
> I use -e time in the command line. From gview, .../audit.log does not
> contain an explicit time. Is it encoded somehow?
>
Audit.log is being rolled, did you look at /var/log/audit/audit.log*
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlG/K3AACgkQrlYvE4MpobOiywCglzlShk+bvwxu16tyOUt3EZmd
56AAmgIaAZnTQvNkC1zGz7M7MGL15Hng
=3wHh
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
