SELinux Admin newbie question

Sebastian Pfaff sebastian.pfaff at
Thu Mar 4 16:17:00 UTC 2010

Hey Temlakos,

> Where do I find the logs to tell me what permissions a certain new
> application will need to operate?

You find these messages in /var/log/audit/audit.log. Open this file  
with a pager of your choice (e.g. less or more). Then look for  
messages with type AVC. As an alternativ you can use ausearch to find  
SELinux AVC (Access Vector Cache) denials/messages.

this command:

ausearch -m avc -ts today  # shows you all auditd messages of type AVC  
which are generated today. Consult manpage of ausearch for details.

How to read AVC denials is described here:

(Read topic "7.3. Fixing Problems")

> I'm using Fedora 12 on an HP Pavilion machine with a dual-core
> processor. Several times I have tried to install an application called
> TweetDeck. And each time I do, I am told that TweetDeck is having
> trouble accessing some secure passwords that are stored on the  
> machine.

Redo your workflow and paste your AVC denials to this list.

> I am convinced that SELinux is doing it.

Probably yes.

> But I don't know how to get
> SELinux to play nice, because I can't see where the problem is.

You can use audit2allow to get SELinux to play nice. But be careful  
when using this command. audit2allow simply generates SELinux rules  
(aka Access Vector Rules) based on /var/log/audit/audit.log . It is  
not uncommon that audit2allow allows more than you want. But for a  
beginner this tool is a good choice.

Sebastian Pfaff

More information about the selinux mailing list