[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Beginner question deciphering SELinux logs

From: Eric Paris <eparis redhat com>
To: Lance Spitzner <lance spitzner net>
Cc: fedora-selinux-list redhat com
Subject: Re: Beginner question deciphering SELinux logs
Date: Wed, 02 Jan 2008 11:02:31 -0500

On Tue, 2008-01-01 at 20:59 -0600, Lance Spitzner wrote:
> >
> >> PS: Is there anyway to configure SELinux/auditd to use regular dates,
> >> as sylogd does?
> >
> > Stop looking at audit logs directly.  (I'll leave the policy questions
> > to the policy people, sorry)
> >
> > ausearch -m AVC -i
> 
> Very cool, thanks!  One other outstanding suggestion I received was  
> the RPM pkg 'setroubleshoot'.  It does a mind blowing / amazing job of  
> taking AVC error messages and explaining to you exactly what they mean  
> and suggested actions.  Not only does it help troubleshooting, but it  
> helps to better understand SElinux in general.  Now only if there was  
> such a utlity for the rest of Linux logging (dmesg anyone? :).
> 
> Thanks!
> 
> lance
> 
> Summary
>      SELinux is preventing /usr/sbin/named (named_t) "getattr" access to
>      /dev/random (tmpfs_t).

ummm, how did it get mislabled?   hmmm, anyway, if you followed the
restorecon suggestion i assume it started working....

-Eric

References:
- Beginner question deciphering SELinux logs
  - From: Lance Spitzner
- Re: Beginner question deciphering SELinux logs
  - From: Eric Paris
- Re: Beginner question deciphering SELinux logs
  - From: Lance Spitzner

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]