AVC Decision Tree.
Thorsten Scherf
tscherf at redhat.com
Fri Mar 31 09:44:25 UTC 2006
On Thu, 2006-03-30 at 14:51 -0500, Daniel J Walsh wrote:
> http://fedoraproject.org/wiki/SELinux/Troubleshooting/AVCDecisions#preview
>
> Trying to build a analysys tool to be able to translate avc messages
> into possible boolean/file_context solutions.
>
> The idea is that we can look at the AVC messages that are generated and
> figure out what the servers were trying to do. Then we can give some
> advise to the administrator on the corrective measures. So what we are
> looking for are expected code paths where there is a file context of
> boolean available.
Usually if a AVC denied is fixed with a corresponding rule, the next AVC
comes up in the log (allow getattr, after that ACV:denied read, and so
on). Probably we don't want to annoy the administrator with several
pop-ups coming up on his screen.
What do you think about that?
--
Thorsten Scherf, RHCE, RHCA, RHCSS Mobile: ++49 172 61 32 548
Red Hat GLS EMEA Fax: ++49 2064 470 564
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20060331/0bc98898/attachment.sig>
More information about the fedora-selinux-list
mailing list