<br><br> <div><span class="gmail_quote">On 8/2/06, <b class="gmail_sendername">Tod Merley</b> <<a href="mailto:todbot88@gmail.com">todbot88@gmail.com</a>> wrote:</span></div> <blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"> <div><br><br> <div></div> <div>Hi David!<br><br>Learning with you, not an expert!<br><br>I did find that AVC appears to be strongly associated, if not SElinux:<br><br><a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.die.net/doc/linux/man/man3/avc_cache_stats.3.html" target="_blank"> http://www.die.net/doc/linux/man/man3/avc_cache_stats.3.html</a><br><br>And is mentioned in at least one SElinux FAQ:<br><br> From : <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2826243 " target="_blank"> http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2826243 </a></div></div></blockquote> <div>=========</div> <div>Many thanks for the web links. In fact I am new to SElinux. I started reading about it after this problem. However I am determined to understand it. I have another system running FC4 which serves as backup. I'll use this one to understand the functioning of SElinux. </div> <div>=========<br> </div> <blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"> <div> <div>Q: <br>My application isn't working as expected and I am seeing avc: denied messages, how do I fix this?<br><br>A: <br>This message means that the current SELinux policy is not allowing the application to do something. There are a number of reasons this could happen. <br><br>First, one of the files the application is trying to access could be mislabeled. If the AVC message refers to a specific file, inspect its current label with ls -alZ /path/to/file. If it seems wrong, you could try using restorecon -v /path/to/file. If you have a large number of denials related to files, you may want to use fixfiles relabel, or run restorecon with the -R option to recursively relabel a directory path. </div></div></blockquote> <div>===============</div> <div>I have booted linux rescue and checked the mingetty attributes in /sbin. However I can't say whether it's wrong. I have done a restorecon -v and noted that the label did not change. I am getting an avc denied for hotplug as well. I have checked on the other FC4 system ;mingetty has no label and hotplug has same label as the faulty system. </div> <div> </div> <div>rwxr-xr-x root root system_u:object_r:hotplug_exec_t hotplug</div> <div>rwxr-xr-x root root system_u:object_r:getty_exec_t mingetty (no label on working system)</div> <div> </div> <div>=====================<br> </div> <blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"> <div> <div>Other times, denials may be due to a configuration change in the program not being allowed by the policy. For example, if you change Apache to also listen on port 8800, this will require a change in the security policy, apache.te. See External Link List for more information about writing policy.<br><br>If you are having trouble getting a specific application like Apache to work, see How to use system-config-securitylevel for how to disable enforcement just for that application. </div></div></blockquote> <div>=================================</div> <div>I have not done major changes lately. I am trying to install a tacacs+ server on Linux. Well I did not reboot my system for a while and when I did, I could access the console. I have compiled tcp_wrappers, skey, openssh and tacacs+. Since I could not find the tac_plus.conf file after installation, I decided to reboot. </div> <div> </div> <div>==================<br> </div> <blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"> <div> <div>AVC may have to do with other things I am still googleing.<br><br>If I were you I would be looking at my policy file and turning off SElinux to see what is going on.<br><br>I hope this helps!<br><br>Good Hunting! <br> </div></div> <div><span class="sg"><br>Tod</span></div></blockquote> <div> </div> <p>=======================</p> <p>Thanks stephen for your suggestion and the others as well. I am new to SElinux and all your information provided are very useful. Disabling it would just be like sweeping the problem under the carpet.</p>