[Bug 196748] Review Request: setroubleshoot - automatic diagnosis of SELinux problems

bugzilla at redhat.com bugzilla at redhat.com
Thu Jul 6 19:44:56 UTC 2006


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196748





------- Additional Comments From jdennis at redhat.com  2006-07-06 15:36 EST -------
I realize the package needs documentation but let me explain what Bill probably
experienced. There are two basic modes the analyzer can run in, either running
in the background waiting to be triggered by a real-time AVC, or run against a
log file which might contain AVC messages.

In the former case, AVC real time event mode, the trigger is fired by auditd, it
invokes the analyzer because /etc/auditd.conf has its dispatcher line set to
/usr/sbin/avc_snap (BTW, that name is going to change), avc_snap talks to the
troubleshooter daemon setroubleshootd. However, the rpm in its current form does
not edit auditd.conf or manage the auditd service, all for a variety of good
packaging practices. Thus you may not have seen anything if auditd was not
running or its dispatcher was not set to avc_snap. Steve Grubb and I are
working on fixing this issue this week. The plan is to have auditd find plugin
configuration files in /etc/audisp.d. When that functionality is present
(expected next week) then setroubleshoot will install a configuration file
there. (BTW, I did just notice the spec file was missing a requires for "audit",
that has been fixed).

The second mode, log file scanning, can be done via

% /usr/sbin/setroubleshoot filename

Just be aware the version you have does not throttle multiple alerts and may
fire off a bunch of them in succession, throttling code will be checked in tomorrow.
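
The dispatcher condition described in the comment above (the dispatcher line in /etc/auditd.conf pointing at /usr/sbin/avc_snap) can be checked with a short script. This is an added example, not part of the original message or of setroubleshoot; the function names are hypothetical, and the "keyword = value" layout with "#" comment lines is the assumed auditd.conf format.

```shell
#!/bin/sh
# Added example: report which dispatcher an auditd.conf names and whether it
# is the helper mentioned in the comment. Function names are hypothetical.

EXPECTED_DISPATCHER=/usr/sbin/avc_snap   # path taken from the comment above

# Print the value of the last active "dispatcher = ..." line in file $1.
# Assumes "keyword = value" lines; lines starting with "#" are comments.
auditd_dispatcher() {
    awk '
        /^[ \t]*#/ { next }               # skip commented-out settings
        index($0, "=") == 0 { next }      # not a keyword = value line
        {
            key = substr($0, 1, index($0, "=") - 1)
            gsub(/[ \t]/, "", key)
            if (key == "dispatcher") {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                found = val
            }
        }
        END { if (found != "") print found }
    ' "$1"
}

# Return 0 when the file routes events to the expected dispatcher,
# 1 when a different dispatcher is set,
# 2 when no dispatcher is set or the file cannot be read.
check_dispatcher() {
    conf=${1:-/etc/auditd.conf}
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    current=$(auditd_dispatcher "$conf")
    if [ -z "$current" ]; then
        echo "no dispatcher line in $conf"
        return 2
    elif [ "$current" = "$EXPECTED_DISPATCHER" ]; then
        echo "dispatcher is $current"
        return 0
    else
        echo "dispatcher is $current, not $EXPECTED_DISPATCHER"
        return 1
    fi
}
```

Source the file and call `check_dispatcher` with no argument to inspect /etc/auditd.conf. It does not test whether auditd itself is running, which is the other condition the comment names.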





More information about the Fedora-package-review mailing list