Unable to modify a file in enforcing mode, but no denials seen even after semodule -DB
Daniel J Walsh
dwalsh at redhat.com
Wed Jul 31 16:18:41 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/31/2013 12:01 PM, Radha Venkatesh (radvenka) wrote:
> Any input on the below question?
>
>
>
> *From:*Radha Venkatesh (radvenka) *Sent:* Tuesday, July 30, 2013 4:12 PM
> *To:* fedora-selinux-list at redhat.com; selinux at lists.fedoraproject.org *Cc:*
> ipc-selinux-dev(mailer list); Prakash Mishra -X (prakasmi - INFOSYS
> TECHNOLOGIES LIMITED at Cisco) *Subject:* Unable to modify a file in
> enforcing mode, but no denials seen even after semodule -DB
>
>
>
> We have a strange issue showing up in our system. We are trying to modify
> a configuration file - we are unable to in enforcing mode but are able to
> in permissive mode. There are no denials seen.
>
>
>
> We have run semodule –DB, to get to the hidden denials, but to no avail.
>
>
>
> Could you give us some pointers on how to get to the bottom of this?
>
>
>
> Thanks,
>
> Radha.
>
>
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
The only time I have seen stuff like this is when you have an SELinux aware
application that is not logging properly.
I would look for user_avc or selinux_err
ausearch -m avc,user_avc,selinux_err
Also is there any clue in any of the logging information?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlH5OOEACgkQrlYvE4MpobOGjQCgz8VnV3dTdNwR5swcjw04bAld
tMIAn0k9ShrKD14MZRmBmFM0e8VwNt/J
=bHqd
-----END PGP SIGNATURE-----
More information about the selinux
mailing list