Beginner question deciphering SELinux logs
Eric Paris
eparis at redhat.com
Wed Jan 2 16:02:31 UTC 2008
On Tue, 2008-01-01 at 20:59 -0600, Lance Spitzner wrote:
> >
> >> PS: Is there any way to configure SELinux/auditd to use regular dates,
> >> as syslogd does?
> >
> > Stop looking at audit logs directly. (I'll leave the policy questions
> > to the policy people, sorry)
> >
> > ausearch -m AVC -i
>
> Very cool, thanks! One other outstanding suggestion I received was
> the RPM pkg 'setroubleshoot'. It does a mind blowing / amazing job of
> taking AVC error messages and explaining to you exactly what they mean
> and suggested actions. Not only does it help troubleshooting, but it
> helps to better understand SELinux in general. Now only if there was
> such a utility for the rest of Linux logging (dmesg anyone? :).
>
> Thanks!
>
> lance
>
> Summary
> SELinux is preventing /usr/sbin/named (named_t) "getattr" access to
> /dev/random (tmpfs_t).
ummm, how did it get mislabeled? hmmm, anyway, if you followed the
restorecon suggestion I assume it started working....
-Eric
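
Added example, not part of the original thread and not ausearch's own code: a small parser showing the kind of translation `ausearch -m AVC -i` performs on a raw audit record, turning the epoch timestamp in `msg=audit(...)` into a regular date and pulling out the fields that matter for a denial. The sample record is constructed to match the setroubleshoot summary quoted above; its pid, inode, serial number and timestamp are made-up values, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample record (not from the thread), shaped like the denial
# in the setroubleshoot summary: named (named_t) getattr on /dev/random (tmpfs_t).
SAMPLE = ('type=AVC msg=audit(1199221140.250:117): avc:  denied  { getattr } '
          'for  pid=2012 comm="named" path="/dev/random" dev=tmpfs ino=5120 '
          'scontext=system_u:system_r:named_t:s0 '
          'tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file')

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+)\.(\d+):(\d+)\):')
PERMS = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not an AVC."""
    head = HEADER.search(line)
    perms = PERMS.search(line)
    if not head or head.group(1) != 'AVC' or not perms:
        return None
    # audit stamps are epoch_seconds.milliseconds:serial; render the date in UTC
    when = datetime.fromtimestamp(int(head.group(2)), tz=timezone.utc)
    rec = {
        'time': when.strftime('%Y-%m-%d %H:%M:%S') + '.' + head.group(3) + ' UTC',
        'serial': int(head.group(4)),
        'result': perms.group(1),
        'perms': perms.group(2).split(),
    }
    # key=value pairs after the permission set; quoted values lose their quotes
    for key, value in FIELD.findall(line[perms.end():]):
        rec[key] = value.strip('"')
    # contexts are user:role:type[:level]; the type is what the policy decides on
    for side in ('scontext', 'tcontext'):
        parts = rec.get(side, '').split(':')
        rec[side + '_type'] = parts[2] if len(parts) >= 3 else '?'
    return rec

def describe(rec):
    """One readable line per denial: when, what, who, on which object."""
    return '%s %s { %s } %s (%s) -> %s (%s, %s)' % (
        rec['time'], rec['result'], ' '.join(rec['perms']),
        rec.get('comm', '?'), rec['scontext_type'],
        rec.get('path', rec.get('name', '?')),
        rec['tcontext_type'], rec.get('tclass', '?'))

if __name__ == '__main__':
    print(describe(parse_avc(SAMPLE)))
```

The target type is the field to look at for a labeling problem like this one: a device node showing up as tmpfs_t is what the restorecon suggestion addresses.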