file, executable, and policy
Daniel J Walsh
dwalsh at redhat.com
Mon Nov 5 13:29:27 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/04/2012 06:03 PM, ken wrote:
> It's nice with selinux that a notification window pops up when a violation
> has been detected... and then that it's a simple matter to click on an icon
> to pop open a window with much more information. But lacking in that
> window is critical information necessary to identify and then perhaps
> resolve the issue.
>
> Fundamentally the action of some executable has tried, against policy, to
> access some file. So why doesn't this page list:
>
> - the name of the file, including full path, against which access was
> attempted;
>
> - the name of the executable, including full path, which tried to access
> that file; and
>
> -- text explaining the policy which was violated, or at least a link to
> it?
>
> I've had selinux installed for some years now (in permissive mode), but am
> considering uninstalling it because, lacking this obvious and critical
> information, there doesn't seem to be a point to it.
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Why doesn't SELinux give you full path?
http://danwalsh.livejournal.com/34903.html?thread=220247
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlCXvzcACgkQrlYvE4MpobPROACfaI/FgJsPKa8eOCaDYMHwLSCJ
8zcAoLW8cgTeHC2AJXcAXbfo7FvTJwxK
=nhdX
-----END PGP SIGNATURE-----
More information about the selinux
mailing list