selinux problem 'popup'
jd1008
jd1008 at gmail.com
Tue Jun 16 23:38:17 UTC 2015
On 06/16/2015 05:24 PM, Tahir Hafiz wrote:
> On Tue, Jun 16, 2015 at 10:27 PM, Martin Cigorraga
> <martincigorraga at gmail.com <mailto:martincigorraga at gmail.com>>wrote:
>
> Check with SELinux Troubleshooter.
>
> On Tue, Jun 16, 2015 at 6:24 PM jd1008 <jd1008 at gmail.com
> <mailto:jd1008 at gmail.com>> wrote:
>
>
>
> On 06/16/2015 03:22 PM, jd1008 wrote:
> > Selinux comlained the a program "attempted write on this
> directory"
> >
> > but it does not say which directory.
> > I looked in /var/log but even there it does not say which
> directory.
> >
> > So how can I find out which directory the program attempted
> the write?
> The program in question is python2.7.
> --
>
>If you do a
>sealert -a /var/log/audit/audit.log
>
>That should output what SELinux policy was infringed.
>
>SELinux logs to /var/log/audit/audit.log
>
>grep AVC /var/log/audit/audit.log
>s another way to parse the log file for SELinux comments.
>
>
>Cheers,
>Tahir
Thank you Tahir. Only "sealert -a /var/log/audit/audit.log"
shows me the path of the file that selinux prevented a process from
accessing.
So, I guess I have one of 2 options:
touch /.autorelabel followed by reboot
or
run
grep python /var/log/audit/audit.log | audit2allow -M mypol
semodule -i mypol.pp
Will try autorelabel first.
Kind regards,
JD
More information about the users
mailing list