Re: What should we NOT do because of SELinux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 4/13/06, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On Wed, 2006-04-12 at 17:03 -0400, Lee Maschmeyer wrote:
> > Perhaps a stupid question but still I'm uncertain...
> >
> > I'm getting "avc:  denied" messages for all 6 mingetty invocations before
> > login, though the system works fine afterward. I think these may have been
> > triggered by an attempt I made to start the program that drives my braille
> > display (brltty). Up to now I've been able to start this from
> > /etc/rc.d/rc.sysinit by invoking brltty after rc.sysinit was reinvoked under
> > initlog. Not seeing anything about initlog near the beginning of FC5's
> > rc.sysinit I stuck in the command anyway. It didn't work and I removed it,
> > ultimately putting it in rc.local instead. But even though I removed
> > rc.sysinit~ so the directory should look normal, perhaps except for the last
> > change date on rc.sysinit, I still get all these "avc:  denied" messages.
> >
> > Did I cause this by messing with rc.sysinit? As I continue to go through the
> > SELinux FAQ will I find out what to do to dispense with this - artwork? :-)
>
> Post the avc denials to fedora-selinux-list; difficult to determine the
> cause without seeing the actual messages.
>
> --
> Stephen Smalley
> National Security Agency
>

You can find out for yourself by using audit2why. An ancillary tool is
audit2allow which is provided to fix the problem.

By the way, if you want audit.log you will need to install audit. The
package is no longer installed by default in FC5.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux