Is it Fedora? CentOS? Which version of setroubleshoot?
On Mon, May 28, 2018 at 11:07:39AM -0400, John Griffiths wrote:
That brings up the browser just fine, but there is not a list of alerts.
It says, "No alerts."
If the alert is ignored, it does not show in the browser as far as I know.
The browser should show the same list of alerts as the following command:
$ sealert -l '*'
It's a list of all stored alerts.
If an alert is ignored, setroubleshoot server doesn't send DBUS signal with
the alert and therefore seapplet doesn't show a notification. But when you open
sealert browser, the alert should be there.
There's another button `List All Alerts` where you can list all alerts and see
their statuses and how many times they occurred.
If you have 'No Alerts' then you might be just lucky.
You can try to generate an alert to check if it works correctly. Something like:
$ sudo runcon system_u:system_r:httpd_t:s0 bash -c 'hostname'
What I am looking for is a way to display alerts that have been ignored
and no longer display in the browser by default. Is there an option for
that? The sealert --help shows none that are obvious.
If the installation of a new policy wipes the ignore data, then that is
fine and eventually solves my issue. If it doesn't, then my question
remains.
Thanks,
John
On 05/28/2018 10:06 AM, Petr Lautrbach wrote:
> On Sat, May 26, 2018 at 09:26:22PM -0000, John Griffiths wrote:
>> I have marked some recurring alerts as "ignore" in sealert browser.
>> There have been some recent policy updates and I want to now receive alerts for those
>> alerts to see if they were fixed in the update.
>>
>> I have read the man pages for sealert and setroubleshootd and cannot find any
>> reference to a command or an edit to be able to stop ignoring an alert.
>>
>> Is there such a command? Do I have to edit a file? If so, which one?
>>
> You can run sealert browser (`sealert` from command line, `SELinux
> Troubleshooter` from desktop ui) and go through the list of problems. When you find
> the one you want to un-ignore, hit `Notify` button or delete the problem.
>
> Petr