Re: Proposal: Improving SELinux <--> user interaction on Fedora - Kerneloops for SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jul 17, 2008 at 7:26 PM, Ahmed Kamal
<email.ahmedkamal@xxxxxxxxxxxxxx> wrote:
> I'd say I am a pretty knowledgeable Linux user. However, when I see an
> AVC denial, and the recommended chcon doesn't fix it, I'm pretty much
> lost! I need to launch that server or that application NOW, and
> selinux is stopping that ... and the policy won't be fixed for days,
> it won't even be fixed at all if that's a 3rd party app! I need
> something to help me launch my apps if I so choose! a 95% selinux
> protected system, is so much better than one with it disabled, which
> what I always seem to end up doing to get my work done!
>
The tools to fix this already exist.

man audit2allow
man ausearch

The man pages explain things pretty well. If I can read them and fix
my own problems so can any competent sysadmin.
ausearch can be used with audit2allow to generate the needed rules.
The rules shouldn't be blindly accepted but they can get you buy for
the moment.
Its all documented in the man pages, every step. SysAdmins need to get
used to SELinux and use the available troubleshooting tools. The Z
option is available on a few commands.


Max
-- 
If opinions were really like assholes we'd each have just one

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux