Re: SE Linux lacks proper user notification for security violations

On Sat, 2005-06-25 at 09:21 -0400, Valdis.Kletnieks@xxxxxx wrote:
> If you're not getting a "permission denied", that means that *your* code
> failed to check the return code of a syscall and call perror() (or language
> equivalent) if needed.

To be fair, SELinux will sometimes prevent such error reporting by the
application because it will have already closed stdin/stdout/stderr and
re-opened them to the null device due to a policy denial on the
inherited descriptor at exec time (upon a domain change).  Hence, the
only safe approach is to log such error reports to a log file (and
naturally, to ensure that the application has the necessary permissions
to append to the log file).

-- 
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
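
An added example, not part of the original message: a C sketch of the reporting approach described in the reply above, which appends each error to a log file and checks whether stderr now refers to the null device. The function names and the log path are hypothetical, and the process is assumed to have permission to append to that file.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if fd refers to the same character device as /dev/null,
 * 0 if it does not, -1 if that cannot be determined. */
int fd_is_null_device(int fd)
{
    struct stat fd_st, null_st;
    if (fstat(fd, &fd_st) != 0 || stat("/dev/null", &null_st) != 0)
        return -1;
    return S_ISCHR(fd_st.st_mode) && fd_st.st_rdev == null_st.st_rdev;
}

/* Appends "<what>: <strerror(err)>" to log_path and also writes it to
 * stderr unless stderr is known to be the null device.
 * Returns 0 if the log line was written, -1 otherwise. */
int report_error(const char *log_path, const char *what, int err)
{
    char line[512];
    int n = snprintf(line, sizeof line, "%s: %s\n", what, strerror(err));
    if (n < 0) return -1;
    if ((size_t)n >= sizeof line) n = (int)sizeof line - 1;  /* truncated */
    /* stderr is best effort: after a domain change it may be /dev/null. */
    if (fd_is_null_device(STDERR_FILENO) != 1)
        if (write(STDERR_FILENO, line, (size_t)n) < 0) { /* ignored */ }
    /* O_APPEND so concurrent writers do not overwrite each other. */
    int fd = open(log_path, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    int rc = (write(fd, line, (size_t)n) == n) ? 0 : -1;
    if (close(fd) != 0) rc = -1;
    return rc;
}

int main(void)
{
    /* Hypothetical paths, constructed for this example. */
    const char *log_path = "app-errors.log";
    if (open("/nonexistent/example.conf", O_RDONLY) < 0)
        return report_error(log_path, "open example.conf", errno) == 0 ? 1 : 2;
    return 0;
}
```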
