No more selinux-policy-*-sources
Stephen Smalley
sds at tycho.nsa.gov
Tue Mar 14 16:45:36 UTC 2006
On Tue, 2006-03-14 at 11:33 -0500, Jeff Spaleta wrote:
> On 3/14/06, Stephen J. Smoogen <smooge at gmail.com> wrote:
> > 3) They found a legitimate problem with selinux but did not have the
> > tools to debug it or had the training needed to fix it.
>
> I'm getting more comfortable with at least troubleshooting selinux
> errors by looking for avc error messages in the logs. But sometimes i
> run into head-scratching situations that people run into where there
> are no avc error messages being generated but putting selinux into
> permissive mode seems to help as a last resort.
>
> Are there selinux interactions which will not generate avc messages as
> a matter of selinux design? If so how do i troubleshoot or even
> confirm that selinux policy is what an application is tripping over in
> those situations?
Under FC4 and earlier:
http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2827008
Under FC5, you install the enableaudit.pp package, see the end of:
http://fedoraproject.org/wiki/SELinux/Troubleshooting
The wiki could use some help...
--
Stephen Smalley
National Security Agency
More information about the fedora-devel-list
mailing list