Ok, what's the "correct" way to deal with systems developed in-house, that have their own sets up subdirectories. And why, for that matter, does running sealert give me the full path to the executable, like openjdk... but *not* the full path to the file it's trying to operate on, and I'm left going "ok, where was the file it deleted? (we're running in permissive mode - overwhelmingly, developers and subject matter experts no less than nothing about selinux). mark _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx