SELinux Admin newbie question
sebastian.pfaff at gmail.com
Thu Mar 4 16:17:00 UTC 2010
> Where do I find the logs to tell me what permissions a certain new
> application will need to operate?
You find these messages in /var/log/audit/audit.log. Open this file
with a pager of your choice (e.g. less or more). Then look for
messages with type AVC. As an alternative you can use ausearch to find
SELinux AVC (Access Vector Cache) denials/messages.
ausearch -m avc -ts today   # shows you all auditd messages of type AVC which are generated today
Consult the manpage of ausearch for details.
How to read AVC denials is described here:
(Read topic "7.3. Fixing Problems")
> I'm using Fedora 12 on an HP Pavilion machine with a dual-core
> processor. Several times I have tried to install an application called
> TweetDeck. And each time I do, I am told that TweetDeck is having
> trouble accessing some secure passwords that are stored on the
Redo your workflow and paste your AVC denials to this list.
> I am convinced that SELinux is doing it.
> But I don't know how to get
> SELinux to play nice, because I can't see where the problem is.
You can use audit2allow to get SELinux to play nice. But be careful
when using this command. audit2allow simply generates SELinux rules
(aka Access Vector Rules) based on /var/log/audit/audit.log. It is
not uncommon that audit2allow allows more than you want. But for a
beginner this tool is a good choice.
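
Added example, not part of the original message and not audit2allow's own code: a simplified Python sketch that pulls the AVC denials out of audit.log-style text and merges them into one candidate allow rule per source type, target type and class, so each permission can be reviewed before any rule is loaded. The log lines, the command name and the type names (example_app_t, example_secret_t) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in audit.log AVC format (not from a real system).
SAMPLE_LOG = """\
type=AVC msg=audit(1267719420.101:201): avc:  denied  { read } for  pid=2345 comm="exampleapp" name="secrets.db" dev=dm-0 ino=4711 scontext=unconfined_u:unconfined_r:example_app_t:s0 tcontext=unconfined_u:object_r:example_secret_t:s0 tclass=file
type=AVC msg=audit(1267719420.105:202): avc:  denied  { open } for  pid=2345 comm="exampleapp" name="secrets.db" dev=dm-0 ino=4711 scontext=unconfined_u:unconfined_r:example_app_t:s0 tcontext=unconfined_u:object_r:example_secret_t:s0 tclass=file
type=SYSCALL msg=audit(1267719420.105:202): arch=c000003e syscall=2 success=no exit=-13 comm="exampleapp"
type=AVC msg=audit(1267719421.300:203): avc:  denied  { search } for  pid=2345 comm="exampleapp" name="keyrings" dev=dm-0 ino=4700 scontext=unconfined_u:unconfined_r:example_app_t:s0 tcontext=unconfined_u:object_r:example_secret_t:s0 tclass=dir
"""

# Matches only AVC denial records; other audit record types are skipped.
AVC_RE = re.compile(
    r'^type=AVC .*?avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for .*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def parse_denials(log_text):
    """Yield (comm, source_type, target_type, tclass, perms) per AVC denial."""
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            yield (m["comm"], selinux_type(m["scon"]), selinux_type(m["tcon"]),
                   m["tclass"], m["perms"].split())

def candidate_rules(log_text):
    """Merge denials into allow rules, one per (source, target, class)."""
    merged = defaultdict(set)
    for _comm, src, tgt, tclass, perms in parse_denials(log_text):
        merged[(src, tgt, tclass)].update(perms)
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(merged.items())]

if __name__ == "__main__":
    for rule in candidate_rules(SAMPLE_LOG):
        print(rule)
```

Each rule applies to every process running in the source type and every object labelled with the target type, which is why a rule generated from a handful of denials can allow more than the one application needs.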