[Freeipa-devel] [PATCH] fix an selinux problem with ipa_kpasswd
jdennis at redhat.com
Tue Apr 1 20:01:58 UTC 2008
Rob Crittenden wrote:
> An SELinux AVC was thrown related to /proc during a password reset. This
> fixes that on some systems. It is still broken on Fedora 7 at least.
Rob, are you aware there is a tool which will watch a running system and
pop up a notification whenever an AVC denial occurs? This can be a
useful thing during development because AVC's may go unnoticed and it's
best to get them fixed ASAP. The tool also works in permissive mode so
you still get the notifications but nothing is blocked.
The tool is setroubleshoot and the desktop GUI component is sealert.
Typically it's installed and enabled. The sealert GUI depends on the
setroubleshoot service, the normal service and chkconfig commands apply.
John Dennis <jdennis at redhat.com>
More information about the Freeipa-devel