>> 2. If it is safe, how do I persuade selinux to let it happen? > > Look into use of the audit2allow utility for converting denied > messages into rules that allow the behavior that was denied. The the > short of it is: > > # cd /etc/selinux/targeted/src > # audit2allow -d -l -o domains/misc/local.te && make load > > Repeat until your script works and then clean up the local.te file's > formatting (not necessary). The long of it (and a good read) is the > Red Hat Enterprise Linux 4 SELinux Guide > (http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/). > I'd suggest reading that, specifically section II before doing what > I've suggested here to make sure you have a full understanding of > what's going on. > I have a question about what you suggested. My system is working normally, but I'd like to know more about audit2allow. My system (fc3, selinux enforced, targeted) does not have src under /etc/selinux/targeted/ that has only: booleans contexts policy and I could not find audit2allow, even from the web site you gave above. Could you provide more information about it? or any links? Thanks! Hongwei Li