Richard Hally wrote:
> I'm running in SELinux permissive mode and after booting up to runlevel 5
> and logging in, I look at /var/log/messages and see quite few AVC denied
> messages. Is this happening on other people's systems?

In a non-enforcing mode you will get a lot more messages than enforcing mode, since the kernel is just logging that if you were in enforcing the access would have been denied. So if an app was going to try to read a bunch of files in a directory, and got a denial on read, it would stop in enforcing mode; in non-enforcing mode it will get a denial for each file in the directory that it reads.

> I have been downloading all the latest policy (and related) packages and the
> rest of the /development tree for the last few weeks but it doesn't look
> like there are fewer AVC denied messages each time I boot with each new
> kernel and policy. Should I expect the default policy to allow me to boot an
> "Everything installed" /development updated system with no AVC denied
> messages? At some point in the near future?

That is the goal. This of course would be if the user and apps don't try to do something that they are not allowed to do. I.e., if you install a fresh system in enforcing mode and cat /etc/shadow you will generate a denial message.

> More generally, what is the Red Hat plan and objective for developing the policy they package?
> Thanks for any help,
> Richard Hally
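
The effect described in the reply above (permissive mode logging one denial per file where enforcing mode would stop at the first) can be seen by grouping AVC lines by the access they report. This is an added example, not part of the original message; the log lines are constructed, and `example_t`, the host name and the file names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the style of kernel AVC messages (not from the post).
# example_t, the host name and the file names are hypothetical.
SAMPLE_LOG = """\
Apr 20 10:00:01 host kernel: audit(1082455201.100:0): avc:  denied  { read } for  pid=2101 exe=/usr/bin/example name=a.conf dev=hda2 ino=101 scontext=system_u:system_r:example_t tcontext=system_u:object_r:etc_t tclass=file
Apr 20 10:00:01 host kernel: audit(1082455201.101:0): avc:  denied  { read } for  pid=2101 exe=/usr/bin/example name=b.conf dev=hda2 ino=102 scontext=system_u:system_r:example_t tcontext=system_u:object_r:etc_t tclass=file
Apr 20 10:00:01 host kernel: audit(1082455201.102:0): avc:  denied  { read } for  pid=2101 exe=/usr/bin/example name=c.conf dev=hda2 ino=103 scontext=system_u:system_r:example_t tcontext=system_u:object_r:etc_t tclass=file
Apr 20 10:00:02 host sshd[900]: Accepted password for demo
Apr 20 10:05:00 host kernel: audit(1082455500.200:0): avc:  denied  { read } for  pid=2200 exe=/bin/cat name=shadow dev=hda2 ino=500 scontext=user_u:user_r:user_t tcontext=system_u:object_r:shadow_t tclass=file
"""

# Permission set in braces, then the source/target contexts and object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"\bscontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)
NAME_RE = re.compile(r"\bname=(\S+)")


def group_denials(log_text):
    """Map (scontext, tcontext, tclass, perm) -> list of object names denied."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (e.g. the sshd line)
        name = NAME_RE.search(line)
        for perm in m.group("perms").split():
            key = (m.group("scontext"), m.group("tcontext"), m.group("tclass"), perm)
            groups[key].append(name.group(1) if name else "?")
    return dict(groups)


if __name__ == "__main__":
    # Many log lines collapse to a few distinct accesses.
    for (src, tgt, cls, perm), names in group_denials(SAMPLE_LOG).items():
        print(f"{len(names):3d}x {src} -> {tgt} {cls}:{perm}  names={names}")
```

Run against a real log, the number of groups rather than the number of lines shows how many distinct accesses the policy does not allow.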