On 4/7/06, Paul Howarth <paul@xxxxxxxxxxxx> wrote: > To make changes to SELinux policy to fix this issue, you should: > > * Put SELinux in permissive mode (setenforce 0) > * Note the exact time (date) > * Run your application (which should work since SELinux is in permissive > mode) > * Note the exact time again (date) > * Look in /var/log/messages for all "avc: denied" messages between the > two times you noted > * Follow the instructions at > http://fedoraproject.org/wiki/SELinux/LoadableModules/Audit2allow for > making and enabling a local SELinux policy module to allow the things > that were denied between the two times you noted > * Put SELinux back in enforcing mode (setenforce 1) > * Try running the program again. It should still work. > Paul. Thanks for that excellent tip Paul. I had SELinux disabled at home (but enabled on my web server at the office) because of issues and not knowing much about SELinux (and not having the time to learn it right now unfortunately). But your tip sounds like a very workable solution to identifying any issues with SELinux and making the necessary changes. I have SELinux set back to enforce at home and will use your tip to trouble shoot. Setting it to permissive would help to some extent, but unless you check the logs, you'd never realize if SELinux was an issue. And you wouldn't have the protection of SELinux. Thanks! Jacques B.
