Re: SELinux won't let dovecot connect to postgresql

On 11/29/09 02:11, Sandro Janke wrote:
On 11/29/2009 06:29 AM, Roland Roberts wrote:
Thomas Harold wrote:
I think that you have to have the setroubleshoot service running in
order to get SELinux errors in /var/log/messages.

https://fedorahosted.org/setroubleshoot/wiki/SETroubleShoot%20User%20FAQ

Hmmm, I seem to have both setroubleshoot and setroubleshoot-server
packages installed, but much of that package talks about turning on the
setroubleshoot service; the file for that should be in
/etc/rc.d/init.d/setroubleshoot, but I have no such file. Both packages
verify as correct (rpm -V) and rpm -qil does not show any such file in
the inventory. There is a file /usr/sbin/setroubleshootd which is what I
would expect for the daemon, but no file in /etc/rc.d/init.d references
it. Odd. And if I try to manually launch it, it runs briefly, leaves a
zero-length log file in /var/log/setroubleshoot/setroubleshootd.log.

Note that I am *not* on a X11 desktop on this host. It is a server, and
while it has X installed, it is in run level 3.

Actually, you don't need to have any of the setroubleshoot packages
installed to get AVC messages logged. What you need is auditd running
and it will log AVC messages to /var/log/audit/audit.log

With setroubleshoot-server installed you can watch the logged messages
using:

# sealert -a /var/log/audit/audit.log

The output will be long and in the style of setroubleshoot browser, so
take your measures.

Another tool - from the audit package - that can prove very useful is
ausearch. It will search the audit logs for messages matching the given
criteria.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Agree..
In my case I normally just do:
audit2allow -d > to_the_allow_rules
audit2allow -i /var/log/*(and the rest of
the log messages having any left over avc's
to define into the policy);

Justin P. Mattock
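
The replies above point to /var/log/audit/audit.log as the place AVC denials are logged and to audit2allow for turning them into rules. As an added example (not code from any poster in the thread), the following Python groups the denials for one source domain so they can be reviewed before anything is fed to audit2allow; the sample records, the `dovecot_auth_t` and `postgresql_*` types in them, and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in audit.log format; these records are not from the thread.
SAMPLE_LOG = """\
type=AVC msg=audit(1259474401.101:210): avc:  denied  { name_connect } for  pid=2345 comm="dovecot-auth" dest=5432 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1259474401.101:210): arch=c000003e syscall=42 success=no exit=-13 comm="dovecot-auth" exe="/usr/libexec/dovecot/dovecot-auth"
type=AVC msg=audit(1259474409.554:214): avc:  denied  { write } for  pid=2345 comm="dovecot-auth" name=".s.PGSQL.5432" dev=dm-0 ino=1311 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_tmp_t:s0 tclass=sock_file
type=AVC msg=audit(1259474415.002:219): avc:  denied  { name_connect } for  pid=2345 comm="dovecot-auth" dest=5432 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1259474420.777:223): avc:  denied  { read } for  pid=3001 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1259474430.010:230): avc:  granted  { setenforce } for  pid=1 comm="init" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

AVC_RE = re.compile(r'^type=AVC msg=audit\([\d.]+:\d+\): avc:\s+denied\s+'
                    r'\{ (?P<perms>[^}]*)\} for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(text):
    """Yield one dict per 'denied' AVC record; every other line is skipped."""
    for line in text.splitlines():
        m = AVC_RE.match(line.strip())
        if not m:
            continue
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(m["fields"])}
        if not f.keys() >= {"scontext", "tcontext", "tclass"}:
            continue  # truncated record
        yield {"source": f["scontext"].split(":")[2],  # user:role:TYPE:level
               "target": f["tcontext"].split(":")[2],
               "tclass": f["tclass"],
               "perms": m["perms"].split()}

def summarize(text, source_prefix):
    """Map (source, target, class) -> sorted permissions for matching domains."""
    rules = defaultdict(set)
    for d in parse_denials(text):
        if d["source"].startswith(source_prefix):
            rules[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    return {k: sorted(v) for k, v in rules.items()}

def as_allow_rules(rules):
    """Render the summary in policy 'allow' syntax for review, not for loading."""
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};"
            for (s, t, c), p in sorted(rules.items())]

if __name__ == "__main__":
    for rule in as_allow_rules(summarize(SAMPLE_LOG, "dovecot")):
        print(rule)
```

Reading the grouped output first shows exactly which domain, target type and permission a generated rule would open up, and whether unrelated denials (here the constructed `httpd` record) would otherwise be swept into the same policy module.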
