On Thu, 2006-08-17 at 08:45 -0400, William W. Austin wrote: > I am running auditd, and there are (at the moment) about 700 such > messages there. But I am (have been) unsure what to do about them. > Here is a frequency count on the denied avc's > epiphany 1 > firefox-bin 1 > fuser 5 > galeon 1 > ifconfig 90 > ld-linux.so.2 6 > prelink 1 > procmail 156 > smbd 421 > > (Obviously this machine is also the samba server for a local network.) > > Any suggestions would be appreciated - I am at the point of removing or > disabling selinux from the system, but I had wanted to get more > understanding of it as I would like to use it on 2 other machines in > the office which do *not* have an industrial-strength in front of them. Take a few representative examples as a starting point and post them to fedora-selinux-list if you want help interpreting them. Don't post repeats, naturally. Or file a bugzilla against policy and attach your audit.log. The Fedora SELinux FAQ has helpful information, as does the wiki, http://fedora.redhat.com/docs/selinux-faq-fc5/ http://fedoraproject.org/wiki/SELinux/ audit2allow can help you with generating policy from those avc messages, but you don't want to do so blindly, and if they are legitimate, then they need to be reported via the list or bugzilla so that the policy can include them going forward, even if you temporarily generate a local policy module to work around them in the interim. -- Stephen Smalley National Security Agency