on 9/23/2007 7:06 AM, Tim wrote: > On Sun, 2007-09-23 at 02:24 -0500, Arthur Pemberton wrote: >> * With setrobuleshoot now runnings, Tim recreates the event. and >> setroubleshoot prints a message to /var/log/message asking Tim to run >> a specific command for information on the SELinux denial, and how to >> fix it. >> * Tim copies and paste the command into a terminal and hits RETURN >> * Tim is given a brief break down on why SELinux denied this >> particular action >> * Tim is also given the exact command necessary to fix the problem >> which he copies and pastes into a terminal and executes >> * Tim attempts http://localhost/test.html again, and it works > > The problem with the troubleshooter, is that it still spews out some > bizarre information that you have to take on faith. There are a lot of > people who'll be presented with a command to fix the problem, which > they'll do without any due consideration whether that thing should have > been denied. Just the same as Windows users who just allow everything > the firewall asks them about. > > Fair enough if you're trying to webserve a file, it denies it, and you > follow the information. You know you want to allow that, it's something > that you're in the middle of doing. But the other warnings it throws up > about the things happening in the background sure leave a lot to be > desired. You don't know if you're persuing a bug in SELinux, or what > SELinux is warning you about. It's full of jargon. Or if the .png file that SELinux is concerned about here is really an executable, 'bad', file that is going to compromise your system. ;-) -- David
Attachment:
signature.asc
Description: OpenPGP digital signature
