Setroubleshoot errors in /var/log/messages
Richard Shaw
hobbes1069 at gmail.com
Sat Jan 22 23:34:35 UTC 2011
2011/1/22 Jorge Fábregas <jorge.fabregas at gmail.com>:
> On 01/22/2011 11:02 AM, Richard Shaw wrote:
>> Jan 22 08:59:45 hobbes setroubleshoot: Setroubleshoot can not analyze
>> AVCs while dontaudit rules are disabled, 'semodule -B' will turn on
>> dontaudit rules.
>>
>> What does it mean and should I do what it says?
>
> What version of Fedora are you running? Since when did it started
> happening? Does it happens when you do a particular action (open any
> particular program)?
I'm running F14 x86_64 which was preupgraded from F13 and before that
F12. I'm not sure when these started showing up. I was actually trying
to troubleshoot my DVD writer as it has been acting strangely and I'm
not sure if it's a hardware or software problem.
> In the SELinux policy, there are dozens of these "dontaudit rules".
> They basically deny access requested by some program. These denials are
> so generic that the policy writer decided not to audit them so you won't
> get plenty of denial messages on your logs. In the rare occasion that
> you suspect SELinux is causing problems (and you're not getting any
> message on the logs) then you would "disable" these dontaudit-rules in
> order to get FULL detail of every denial. You disable these "dontaudit
> rules" by doing "semodule -DB". If you haven't done this yourself,
> I'm really not sure why you are getting these messages.
>
> Try running "semodule -B" and see if that solves it.
I'll give it a try!
Thanks,
Richard
More information about the users
mailing list