On Tue, 2006-03-14 at 11:33 -0500, Jeff Spaleta wrote: > On 3/14/06, Stephen J. Smoogen <smooge@xxxxxxxxx> wrote: > > 3) They found a legitimate problem with selinux but did not have the > > tools to debug it or had the training needed to fix it. > > I'm getting more comfortable with at least troubleshooting selinux > errors by looking for avc error messages in the logs. But sometimes i > run into head-scratching situations that people run into where there > are no avc error messages being generated but putting selinux into > permissive mode seems to help as a last resort. > > Are there selinux interactions which will not generate avc messages as > a matter of selinux design? If so how do i troubleshoot or even > confirm that selinux policy is what an application is tripping over in > those situations? Under FC4 and earlier: http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2827008 Under FC5, you install the enableaudit.pp package, see the end of: http://fedoraproject.org/wiki/SELinux/Troubleshooting The wiki could use some help... -- Stephen Smalley National Security Agency -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
