Thorsten Scherf wrote:
On Thu, 2006-03-30 at 14:51 -0500, Daniel J Walsh wrote:
>
http://fedoraproject.org/wiki/SELinux/Troubleshooting/AVCDecisions#preview
>
> Trying to build a analysys tool to be able to translate avc messages
> into possible boolean/file_context solutions.
>
> The idea is that we can look at the AVC messages that are generated and
> figure out what the servers were trying to do. Then we can give some
> advise to the administrator on the corrective measures. So what we are
> looking for are expected code paths where there is a file context of
> boolean available.
>
Usually if a AVC denied is fixed with a corresponding rule, the next AVC
comes up in the log (allow getattr, after that ACV:denied read, and so
on). Probably we don't want to annoy the administrator with several
pop-ups coming up on his screen.
What do you think about that?
Yes the idea would be to continue gathering all of the AVC's while the
app is running. I do not believe they will be able
close the window faster than the AVC MEssages. The app should have a
disable button built in so that if their is a real labeling problem, it
will not keep popping up. So we will have to watch our usability. :^)
But hopefully there will not be a lot of AVC messages :^)
Dan