Proposal: Improving SELinux <--> user interaction on Fedora - Kerneloops for SELinux

max bianco maximilianbianco at gmail.com
Mon Jul 21 21:34:25 UTC 2008


On Thu, Jul 17, 2008 at 7:26 PM, Ahmed Kamal
<email.ahmedkamal at googlemail.com> wrote:
> I'd say I am a pretty knowledgeable Linux user. However, when I see an
> AVC denial, and the recommended chcon doesn't fix it, I'm pretty much
> lost! I need to launch that server or that application NOW, and
> selinux is stopping that ... and the policy won't be fixed for days,
> it won't even be fixed at all if that's a 3rd party app! I need
> something to help me launch my apps if I so choose! a 95% selinux
> protected system, is so much better than one with it disabled, which
> is what I always seem to end up doing to get my work done!
>
The tools to fix this already exist.

man audit2allow
man ausearch

The man pages explain things pretty well. If I can read them and fix
my own problems so can any competent sysadmin.
ausearch can be used with audit2allow to generate the needed rules.
The rules shouldn't be blindly accepted but they can get you by for
the moment.
It's all documented in the man pages, every step. SysAdmins need to get
used to SELinux and use the available troubleshooting tools. The Z
option is available on a few commands.


Max
-- 
If opinions were really like assholes we'd each have just one
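
Added example, not part of the original message: one way to run the ausearch and audit2allow workflow described above while reviewing the denials before accepting any generated rule. The function names, the module name `mylocal` and the sample audit records are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample audit records (not from a real system; myapp_t is hypothetical).
SAMPLE_AVC='type=AVC msg=audit(1216675001.101:41): avc:  denied  { read } for  pid=2301 comm="httpd" name="index.html" dev=dm-0 ino=1201 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1216675001.101:41): arch=40000003 syscall=5 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1216675002.202:42): avc:  denied  { read } for  pid=2302 comm="httpd" name="about.html" dev=dm-0 ino=1202 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1216675003.303:43): avc:  denied  { write } for  pid=2400 comm="myapp" name="messages" dev=dm-0 ino=1303 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file'

# summarize_avc: read raw audit records on stdin and print one line per
# distinct denial, with a count, so each access can be judged before a rule
# is generated for it:
#   <count> <source_type> <target_type>:<class> { perms } comm=<command>
summarize_avc() {
    awk '
    /avc:/ && /denied/ {
        perms = ""; src = ""; tgt = ""; cls = ""; comm = "?"
        if (match($0, /[{][^}]*[}]/)) perms = substr($0, RSTART, RLENGTH)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/)      { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
            else if ($i ~ /^comm=/)     { comm = substr($i, 6); gsub(/"/, "", comm) }
        }
        if (src == "" || tgt == "" || cls == "") next   # skip malformed records
        seen[src " " tgt ":" cls " " perms " comm=" comm]++
    }
    END { for (k in seen) print seen[k], k }' | sort
}

# review_then_build: show recent denials, then let audit2allow write
# <name>.te (readable rules) and <name>.pp (loadable module). Needs root
# and the audit and policycoreutils tools; nothing is loaded automatically.
review_then_build() {
    name=${1:-mylocal}
    ausearch -m avc -ts recent --raw | summarize_avc
    ausearch -m avc -ts recent --raw | audit2allow -M "$name"
    echo "Read $name.te first; if every rule is acceptable: semodule -i $name.pp"
}

# Offline demonstration on the constructed records:
#   printf '%s\n' "$SAMPLE_AVC" | summarize_avc
```

A denial such as httpd_t reading user_home_t is often better fixed by relabeling the files than by allowing the access, which is why the summary is read before the module is loaded.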



