On Thu, 10 Sep 2020 at 10:17, Tom Hughes <tom@xxxxxxxxxx> wrote: > > Speaking from personal experience, I've wasted days over the last > > decade trying to debug a locally installed system service that was not > > working where there were no messages in any of the logs (e.g. no AVCs) > > -- and turning off selinux at runtime magically fixed the problem. > > Some selinux rules are marked to not generate AVCs... Why!? There's sometimes no log output anywhere obvious that a syscall or something was blocked. It's the reason I turn off selinux on my work development machine, and I've often wasted *hours* of my life on code "doing something impossible" over the last decade until a neuron at the back of my brain remembers "you've not yet turned off selinux" and then when I "sudo setenforce 0" it works, and I can't actually file a bug as there's no indication of what selinux actually blocked or why. Richard _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
