Proposal: Improving SELinux <--> user interaction on Fedora - Kerneloops for SELinux

Ahmed Kamal email.ahmedkamal at googlemail.com
Mon Jul 21 21:36:17 UTC 2008


Are we talking sysadmins only, or are we talking users too ?!

On Tue, Jul 22, 2008 at 12:34 AM, max bianco <maximilianbianco at gmail.com> wrote:
> On Thu, Jul 17, 2008 at 7:26 PM, Ahmed Kamal
> <email.ahmedkamal at googlemail.com> wrote:
>> I'd say I am a pretty knowledgeable Linux user. However, when I see an
>> AVC denial, and the recommended chcon doesn't fix it, I'm pretty much
>> lost! I need to launch that server or that application NOW, and
>> selinux is stopping that ... and the policy won't be fixed for days,
>> it won't even be fixed at all if that's a 3rd party app! I need
>> something to help me launch my apps if I so choose! a 95% selinux
>> protected system, is so much better than one with it disabled, which
>> what I always seem to end up doing to get my work done!
>>
> The tools to fix this already exist.
>
> man audit2allow
> man ausearch
>
> The man pages explain things pretty well. If I can read them and fix
> my own problems so can any competent sysadmin.
> ausearch can be used with audit2allow to generate the needed rules.
> The rules shouldn't be blindly accepted but they can get you buy for
> the moment.
> Its all documented in the man pages, every step. SysAdmins need to get
> used to SELinux and use the available troubleshooting tools. The Z
> option is available on a few commands.
>
>
> Max
> --
> If opinions were really like assholes we'd each have just one
>
> --
> fedora-devel-list mailing list
> fedora-devel-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
>




More information about the fedora-devel-list mailing list