Ed Swierk wrote:
On 1/4/08, John Dennis jdennis@redhat.com wrote:
Re SELinux usability issues:
We wrote the setroubleshoot package precisely to help SELinux novice users so they wouldn't suffer with hidden obscure failures of the type which have frustrated you. If it had been installed you would have received notifications in real time on your desktop describing the failure and suggestions on how to fix it.
The machine in question is a server with no graphical applications; is there a command-line version of setroubleshoot?
Yes, setroubleshoot-server.
You have two options for receiving the alerts from the headless server. You can either run the gui on a machine with a head and point it at the headless server (requires modifying the config file to use TCP rather than the default Unix domain sockets).
On the headless server edit /etc/setroubleshoot/setroubleshoot.cfg and in the listen_for_client section set the address_list parameter to {inet}server.ip.addr. Then on the GUI system do the same thing except set the address_list in the client_connect_to section.
-OR-
You can choose to have the headless server send you emails with the alert by editing the file
/var/lib/setroubleshoot/email_alert_recipients
and adding a line like this:
user@example.com filter_type=after_first
The filter_type specifies whether to filter the email alert, the 3 possible values are:
after_first filter the email after the first notification always always filter, thus never send an email alert never never filter, thus always send an email alert