On Thu, Jul 17, 2008 at 7:26 PM, Ahmed Kamal <email.ahmedkamal@xxxxxxxxxxxxxx> wrote: > I'd say I am a pretty knowledgeable Linux user. However, when I see an > AVC denial, and the recommended chcon doesn't fix it, I'm pretty much > lost! I need to launch that server or that application NOW, and > selinux is stopping that ... and the policy won't be fixed for days, > it won't even be fixed at all if that's a 3rd party app! I need > something to help me launch my apps if I so choose! a 95% selinux > protected system, is so much better than one with it disabled, which > what I always seem to end up doing to get my work done! > The tools to fix this already exist. man audit2allow man ausearch The man pages explain things pretty well. If I can read them and fix my own problems so can any competent sysadmin. ausearch can be used with audit2allow to generate the needed rules. The rules shouldn't be blindly accepted but they can get you buy for the moment. Its all documented in the man pages, every step. SysAdmins need to get used to SELinux and use the available troubleshooting tools. The Z option is available on a few commands. Max -- If opinions were really like assholes we'd each have just one -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list