On Oct 17, 2011, at 5:16 PM, Robin Lee Powell wrote: > On Mon, Oct 17, 2011 at 04:55:50PM -0400, David A. Cafaro wrote: >> >> Permissive mode reports no selinux errors and the password change >> works (I'm assuming that passwd is detecting permissive mode). > > Make sure you have "semanage dontaudit off". Yeah, was trying semanage -DB, but I didn't catch the passwd perms in it, may have gotten lost in the storm. > > Also look for things besides AVCs; if you're grepping the audit log, > include SELINUX in what you check for. Thanks, I usually give both a check for "AVC" and "invalid" to try and find items. I'll also give audit2allow/why a chance to gather up what's been going on as well. Cheers, David -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
