file, executable, and policy

ken gebser at mousecar.com
Mon Nov 5 16:53:55 UTC 2012



On 11/05/2012 08:29 AM Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 11/04/2012 06:03 PM, ken wrote:
>> It's nice with selinux that a notification window pops up when a violation
>> has been detected... and then that it's a simple matter to click on an icon
>> to pop open a window with much more information.  But lacking in that
>> window is critical information necessary to identify and then perhaps
>> resolve the issue.
>>
>> Fundamentally the action of some executable has tried, against policy, to
>> access some file.  So why doesn't this page list:
>>
>> - the name of the file, including full path, against which access was
>> attempted;
>>
>> - the name of the executable, including full path, which tried to access
>> that file; and
>>
>> - text explaining the policy which was violated, or at least a link to
>> it?
>>
>> I've had selinux installed for some years now (in permissive mode), but am
>> considering uninstalling it because, lacking this obvious and critical
>> information, there doesn't seem to be a point to it.
>
> Why doesn't SELinux give you full path?

Yes, exactly.  This is critical information.  You'd think this would be 
displayed prominently and descriptively.



