On Wed, 2005-06-22 at 17:41 -0400, Jon August wrote: > I updated the policy after I found that there was a bug with starting > DHCP and since then I haven't had any issues getting things to work. > Things like a CGI script running sendmail to send an email - which > used to show up in the audit log, now work fine. > > What can I do to see if SELinux is still paying attention? In addition to what others have said, /usr/sbin/sestatus is a tool for checking the status of SELinux. sestatus -v also provides further information based on the contents of /etc/sestatus.conf, so you can configure it to check the contexts of specific processes and program files. Might want to add httpd to that list. sestatus was contributed by the Hardened Gentoo folks, specifically Chris PeBenito. BTW, I've noticed that FC4 systems seem to be losing the type on /etc/shadow, likely when firstboot creates the first user account. I then have to manually restorecon /etc/shadow, because the patched libraries and utilities are coded to just preserve whatever context is on the file when they update it, so if the context is ever wrong, it will remain wrong for subsequent updates. Possibly they should be using matchpathcon() instead. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
