On Sun, 2007-09-23 at 02:24 -0500, Arthur Pemberton wrote: > * With setrobuleshoot now runnings, Tim recreates the event. and > setroubleshoot prints a message to /var/log/message asking Tim to run > a specific command for information on the SELinux denial, and how to > fix it. > * Tim copies and paste the command into a terminal and hits RETURN > * Tim is given a brief break down on why SELinux denied this > particular action > * Tim is also given the exact command necessary to fix the problem > which he copies and pastes into a terminal and executes > * Tim attempts http://localhost/test.html again, and it works The problem with the troubleshooter, is that it still spews out some bizarre information that you have to take on faith. There are a lot of people who'll be presented with a command to fix the problem, which they'll do without any due consideration whether that thing should have been denied. Just the same as Windows users who just allow everything the firewall asks them about. Fair enough if you're trying to webserve a file, it denies it, and you follow the information. You know you want to allow that, it's something that you're in the middle of doing. But the other warnings it throws up about the things happening in the background sure leave a lot to be desired. You don't know if you're persuing a bug in SELinux, or what SELinux is warning you about. It's full of jargon. -- [tim@bigblack ~]$ uname -ipr 2.6.22.5-76.fc7 i686 i386 Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7. Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.