On Thu, 2006-03-30 at 14:51 -0500, Daniel J Walsh wrote:
http://fedoraproject.org/wiki/SELinux/Troubleshooting/AVCDecisions#preview
Trying to build a analysys tool to be able to translate avc messages
into possible boolean/file_context solutions.
The idea is that we can look at the AVC messages that are generated and
figure out what the servers were trying to do. Then we can give some
advise to the administrator on the corrective measures. So what we are
looking for are expected code paths where there is a file context of
boolean available.
Usually if a AVC denied is fixed with a corresponding rule, the next AVC
comes up in the log (allow getattr, after that ACV:denied read, and so
on). Probably we don't want to annoy the administrator with several
pop-ups coming up on his screen.
What do you think about that?
--
Thorsten Scherf, RHCE, RHCA, RHCSS Mobile: ++49 172 61 32 548
Red Hat GLS EMEA Fax: ++49 2064 470 564