I used grep as well. Adding a boolean sounds like a great idea.
-Ken-
Daniel J Walsh wrote:
Ken wrote:
Thank you for your response. I inadvertently sent my response to the
previous message to your address rather than the list, and later
posted it to the list. I noticed that you did not send this reply to
the list so I did not know if it was appropriate to post my response
on the list or not, and I chose not to. I have already written a
program/script which removed the "dontaudit" statements from the ".te"
files in the policy while I was in the process of troubleshooting
this problem. This was helpful, but I have noticed dontaudit
statements occurring in other files as well, and I am interested in
learning more about the enableaudit module. I searched my hard drive
for the source code and did not find it. Where can I find the source
code for the module?
-Ken-
I have no problem if this is on list. Problem is I am not sure which
list it belongs to.
enableaudit.pp is created from the same source file as the rest of the
code. Basically it uses the grep -v dontaudit out of the policy file
and rebuilds. So I am sure you did the same thing. The plan is to
eventually add some kind of boolean to turn on/off dontaudit rules.
Daniel J Walsh wrote:
Ken wrote:
Thanks for the suggestion, but it was not labeling. It appears to
have had something to do with mls, although I have not had the time
to figure out exactly what. I changed all the mls levels to s0 and
the problem went away. It sure would be nice if there were a
feature to disable all "dontaudit" statements for policy debugging.
semodule -b /usr/share/selinux/mls/enableaudit.pp
-Ken-
Daniel J Walsh wrote:
Ken wrote:
I am attempting to get a strict policy working on my FC-6 system
(version 2.4.3-2.fc6). I have successfully created a user
account, and I can log both the root and the user account into
the GUI. I am attempting to get Firefox to work and I am having
difficulties. If I click on the Firefox icon, I see the program
listed as opening, and it stays that way for a few seconds and
then disappears. If I check the message log (/var/log/messages),
there are no messages (either avc or other) generated as a result
of the attempt. This only happens when the policy is enforcing.
When the policy is not enforcing, Firefox loads properly --
also with no messages. I have noticed that Firefox is not
writing to its .mozilla folder when the policy is enforcing, and
that it does write to several files in this folder when it loads
properly. This problem affects both my user account and the root
account. Can someone please explain why I am not receiving any
error messages (or any messages at all), and let me know what
needs to be changed in order to load Firefox?
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Check /var/log/audit/audit.log for avc messages.
I would guess you have a labeling problem on your home dir.
restorecon -R -v ~/
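An added example, not code from the thread or from the policy build: a filter in the spirit of the `grep -v dontaudit` approach described above, which drops only real dontaudit statements (including ones that span several lines) and keeps comments that merely mention the word. The function names and the sample policy are constructed for illustration; the filter assumes every dontaudit statement ends with `;` and does not expand interface macros, so rules that come from other files are only caught if the input is already expanded.

```shell
#!/bin/sh
# Added example: strip dontaudit statements from policy source for debugging.

# Constructed sample input, not taken from any real policy.
sample_policy() {
    cat <<'EOF'
allow user_t user_home_t:file { read write };
dontaudit user_t shadow_t:file read;
# dontaudit in a comment is kept
dontaudit user_t etc_t:file {
    write
    append
};
allow user_t self:process signal;
EOF
}

# Reads policy text on stdin, writes it to stdout without dontaudit
# statements, and reports how many were removed on stderr.
strip_dontaudit() {
    awk '
        # Inside a multi-line dontaudit statement: drop lines up to the ";"
        skipping { if ($0 ~ /;/) skipping = 0; next }
        # A statement starts with the keyword itself, optionally indented
        /^[[:space:]]*dontaudit[[:space:]]/ {
            removed++
            if ($0 !~ /;/) skipping = 1
            next
        }
        { print }
        END { printf "removed %d dontaudit rule(s)\n", removed > "/dev/stderr" }
    '
}

# Demonstration on the constructed sample.
sample_policy | strip_dontaudit
```

Unlike plain `grep -v dontaudit`, this leaves the comment line in place and removes the whole brace block of the multi-line rule rather than only its first line.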