FC2T2: 2 questions
Alexander Volovics
awol at home.nl
Wed Mar 31 15:09:30 UTC 2004
On Wed, Mar 31, 2004 at 03:04:50PM +0200, Leonard den Ottolander wrote:
> > - I configured SElinux as 'permissive' during install in the hope
> > that everything would work as in previous versions of RH/Fedora
> > and I would just get warnings if things had changed.
> > But, for example, I could not start the 'system-config-*' apps
> > from the menu and had to run them as root in a terminal.
> > Changing SElinux to 'disabled' fixed this.
> > Is this a deliberate policy configuration or a bug?
> What does your system log tell you about this? Any selinux warnings?
If the numerous 'audit: avc: denied' entries are selinus warnings, yes.
I have whole colonies, for example:
kernel: audit(1080722514.102:0): avc: denied { search } for pid=1842 exe=/bin/su name=root dev=hda2 ino=294913 scontext=user_u:user_r:user_su_t tcontext=root:object_r:staff_home_dir_t tclass=dir
I don't have the energy to delve into this mess in any detail.
I have skimmed all the selinux faq's and intro's but non of them
has a really clear and systematic overview of selinux and it's usefulness
for a home pc connected to the internet, a systematic overview of
the config files, what should be configured and to what purpose.
Alexander
More information about the fedora-test-list
mailing list