When running kernel 406 in both enforcing and permissive mode with the latest "strict" policy(1-13.2-3) there are no (absolutely none!) avc denied messages. The troubling thing is that there is at least one thing that works in permissive and fails in enforcing. The first thing I checked was postgresql. It starts in permissive and fails to start in enforcing and there are no avc denied messages in either case. What could be the problem? thanks for the help. Richard Hally
Richard Hally wrote:
When running kernel 406 in both enforcing and permissive mode with the latest "strict" policy(1-13.2-3) there are no (absolutely none!) avc denied messages. The troubling thing is that there is at least one thing that works in permissive and fails in enforcing. The first thing I checked was postgresql. It starts in permissive and fails to start in enforcing and there are no avc denied messages in either case. What could be the problem? thanks for the help. Richard Hally
The problem is that auditing's disabled. Why it's disabled I have no idea.
On Thu, 2004-06-03 at 04:08, Ivan Gyurdiev wrote:
The problem is that auditing's disabled. Why it's disabled I have no idea.
It also appears that the default setting for selinux_enabled has changed in this kernel, so that one has to explicitly specify selinux=1 to enable SELinux. I doubt we want that kind of inconsistency with upstream; the default should be the same to avoid user confusion.
selinux@lists.fedoraproject.org