-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/22/2011 06:34 PM, Richard Shaw wrote: > 2011/1/22 Jorge Fábregas <jorge.fabregas@xxxxxxxxx>: >> On 01/22/2011 11:02 AM, Richard Shaw wrote: >>> Jan 22 08:59:45 hobbes setroubleshoot: Setroubleshoot can not analyze >>> AVCs while dontaudit rules are disabled, 'semodule -B' will turn on >>> dontaudit rules. >>> >>> What does it mean and should I do what it says? >> >> What version of Fedora are you running? Since when did it started >> happening? Does it happens when you do a particular action (open any >> particular program)? > > I'm running F14 x86_64 which was preupgraded from F13 and before that > F12. I'm not sure when these started showing up. I was actually trying > to troubleshoot my DVD writer as it has been acting strangely and I'm > not sure if it's a hardware or software problem. > > >> In the SELinux policy, there are dozens of these "dontaudit rules". >> They basically deny access requested by some program. These denials are >> so generic that the policy writer decided not to audit them so you won't >> get plenty of denial messages on your logs. In the rare occasion that >> you suspect SELinux is causing problems (and you're not getting any >> message on the logs) then you would "disable" these dontaudit-rules in >> order to get FULL detail of every denial. You disable these "dontaudit >> rules" by doing "semodule -DB". If you haven't done this yourself, >> I'm really not sure why you are getting these messages. >> >> Try running "semodule -B" and see if that solves it. > > I'll give it a try! > > Thanks, > Richard It means you have turned off dontaudit rules and setroubleshoot will not run until you turn them back on. Execute semodule -B To turn them on. When you turn off dontaudit rules setroubleshoot gets inundated with AVC messages that are not bugs. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk09q0wACgkQrlYvE4MpobP6oQCgz8HuAZcDyddQ9T2kJJ4vVhMl OQEAn29xcjbzAJuXxYXXzdwzixWw0Mkj =eLmY -----END PGP SIGNATURE----- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
