On 03/04/2010 01:33 PM, Temlakos wrote: > Dominick Grift wrote: > >> On 03/04/2010 07:14 PM, Temlakos wrote: >> >> >> >>> Anyway--in case I have to use that installer again, as I think I might, >>> I'd like to have somebody go over those alerts--because they /have/ to >>> be related, somehow. Here they are again: >>> >>> >> Just a comment: >> >> ausearch -m avc -ts ... does not show all denials in >> /var/log/audit/audit.log >> >> There could also be user space AVC denials present which can be listed with: >> >> ausearch -m user_avc -ts ... >> >> In some rare cases sone AVC denials may end up in dmesg and/or >> /var/log/messages. >> >> Unfortunately i do not see anything in your enclosed AVC denials that i >> suspect may be related to your issue. Hopefully someone else does. >> >> >> > Well, I just tried searching on user_avc, even after un-hiding the > alerts. Result: > > <no matches> > > So what I submitted, has to be it. > > But: might this have anything to do with it? I'm using KDE now, and one > of the things that the installer had to do was to get into KWallet, and > for that the system asked for my KWallet password, which I gave. > > I'm new to KDE, and I'm surprised that I didn't use it earlier. KDE has > an automatic package installer that has already made my life a lot > simpler, and when I realized that I was using a lot of KDE-specific > apps, KDE was the logical choice. But maybe KDE has some subtleties that > occasionally create a security problem in a security-enhanced environment. > > Temlakos > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > > > I have seen installations trip over execmod,execmem and execstack checks. Also if the tools use java, it can do some stuff that SELinux does not like. getsebool allow_execstack allow_execmem allow_execmod -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
