Daniel J Walsh wrote: > On 03/04/2010 01:33 PM, Temlakos wrote: >> Dominick Grift wrote: >> >>> On 03/04/2010 07:14 PM, Temlakos wrote: >>> >>> >>> >>>> Anyway--in case I have to use that installer again, as I think I >>>> might, >>>> I'd like to have somebody go over those alerts--because they /have/ to >>>> be related, somehow. Here they are again: >>>> >>>> >>> Just a comment: >>> >>> ausearch -m avc -ts ... does not show all denials in >>> /var/log/audit/audit.log >>> >>> There could also be user space AVC denials present which can be >>> listed with: >>> >>> ausearch -m user_avc -ts ... >>> >>> In some rare cases sone AVC denials may end up in dmesg and/or >>> /var/log/messages. >>> >>> Unfortunately i do not see anything in your enclosed AVC denials that i >>> suspect may be related to your issue. Hopefully someone else does. >>> >>> >>> >> Well, I just tried searching on user_avc, even after un-hiding the >> alerts. Result: >> >> <no matches> >> >> So what I submitted, has to be it. >> >> But: might this have anything to do with it? I'm using KDE now, and one >> of the things that the installer had to do was to get into KWallet, and >> for that the system asked for my KWallet password, which I gave. >> >> I'm new to KDE, and I'm surprised that I didn't use it earlier. KDE has >> an automatic package installer that has already made my life a lot >> simpler, and when I realized that I was using a lot of KDE-specific >> apps, KDE was the logical choice. But maybe KDE has some subtleties that >> occasionally create a security problem in a security-enhanced >> environment. >> >> Temlakos >> -- >> selinux mailing list >> selinux@xxxxxxxxxxxxxxxxxxxxxxx >> https://admin.fedoraproject.org/mailman/listinfo/selinux >> >> >> > I have seen installations trip over execmod,execmem and execstack checks. > > Also if the tools use java, it can do some stuff that SELinux does not > like. > > getsebool allow_execstack allow_execmem allow_execmod > > allow_execstack --> on allow_execmem --> on allow_execmod --> off OK, what next? Temlakos -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
