A policy from scratch and permissive mode
Stefan Schulze Frielinghaus
stefan at seekline.net
Wed Dec 25 22:14:18 UTC 2013
With the help of Dominick Grift I solved the problem.
Just for the records. The logfile /var/log/audit/audit.log is not the
only place you might wanna look for failed resource accesses. In my case
journalctl logged several (denied) attempts to DBUS which where not
logged in /var/log/audit/audit.log. Once I allowed them, the application
runs fine even in enforcing mode.
All in all, I learned to have a look at
- ausearch -m AVC,USER_AVC,SELINUX_ERR -ts today
- journalctl
- dmesg/messages or whatever logfile else
Cheers,
Stefan
More information about the selinux
mailing list