Thorsten Scherf wrote:
On Thu, 2006-03-30 at 14:51 -0500, Daniel J Walsh wrote:
http://fedoraproject.org/wiki/SELinux/Troubleshooting/AVCDecisions#preview
Trying to build a analysys tool to be able to translate avc messages
into possible boolean/file_context solutions.
The idea is that we can look at the AVC messages that are generated and
figure out what the servers were trying to do. Then we can give some
advise to the administrator on the corrective measures. So what we are
looking for are expected code paths where there is a file context of
boolean available.
Usually if a AVC denied is fixed with a corresponding rule, the next AVC
comes up in the log (allow getattr, after that ACV:denied read, and so
on). Probably we don't want to annoy the administrator with several
pop-ups coming up on his screen.
What do you think about that?
Yes the idea would be to continue gathering all of the AVC's while the
app is running. I do not believe they will be able
close the window faster than the AVC MEssages. The app should have a
disable button built in so that if their is a real labeling problem, it
will not keep popping up. So we will have to watch our usability. :^)
But hopefully there will not be a lot of AVC messages :^)
Dan
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list