On Thu, 2006-03-30 at 14:51 -0500, Daniel J Walsh wrote: > http://fedoraproject.org/wiki/SELinux/Troubleshooting/AVCDecisions#preview > > Trying to build a analysys tool to be able to translate avc messages > into possible boolean/file_context solutions. > > The idea is that we can look at the AVC messages that are generated and > figure out what the servers were trying to do. Then we can give some > advise to the administrator on the corrective measures. So what we are > looking for are expected code paths where there is a file context of > boolean available. > Usually if a AVC denied is fixed with a corresponding rule, the next AVC comes up in the log (allow getattr, after that ACV:denied read, and so on). Probably we don't want to annoy the administrator with several pop-ups coming up on his screen. What do you think about that?