Re: label

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Casper:

For example, I have a denied message in audit.log:
type=AVC msg=audit(1676313787.584:376): avc: denied { read write } for pid=17799 comm="run_at_daemon" path="socket:[54386]" dev="sockfs" ino=54386 scontext=system_u:system_r:run_at_csq_daemon_t:s0 tcontext=system_u:system_r:rssi_daemon_t:s0 tclass=tcp_socket permissive=0 how to apply restorecon? Thanks.
---henry19

On Mon, Feb 13, 2023 at 11:27 AM Casper <fantom@xxxxxxxxxxxxxxxxx> wrote:
Henry Zhang a écrit :
>    Hi,
>    I want to do custom SELinux with policies.
>    The first challenge I am facing is to check if the label is correct or not
>    instead of using audit2allow first.
>    How do I know if labeling is correct in a denied message from
>    /var/log/audit.log?

restorecon -v /path/to/file

If it returns nothing, it means label was correct in the first
place. If label is not correct, restorecon will fix it.

--
GnuPG: AE157E0B29F0BEF2 at keys.openpgp.org
CA Cert: https://dl.casperlefantom.net/pub/ssl/root.der
Jabber/XMPP Messaging: casper@xxxxxxxxxxxxxxxxxx
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux