[Freeipa-devel] [PATCH] fix an selinux problem with ipa_kpasswd

John Dennis jdennis at redhat.com
Tue Apr 1 20:01:58 UTC 2008

Rob Crittenden wrote:
> An SELinux AVC was thrown related to /proc during a password reset. This 
> fixes that on some systems. It is still broken on Fedora 7 at least.

Rob, are you aware there is a tool which will watch a running system and 
pop up a notification whenever an AVC denial occurs? This can be a 
useful thing during development because AVC's may go unnoticed and it's 
best to get them fixed ASAP. The tool also works in permissive mode so 
you still get the notifications but nothing is blocked.

The tool is setroubleshoot and the desktop GUI component is sealert. 
Typically it's installed and enabled. The sealert GUI depends on the 
setroubleshoot service, the normal service and chkconfig commands apply.
John Dennis <jdennis at redhat.com>

More information about the Freeipa-devel mailing list