New updates (from 4/5) causing problem getting into gnome

Brian Bober netdemonz at yahoo.com
Sat Apr 10 20:03:38 UTC 2004


--- Russell Coker wrote:
> 
> If you boot the machine in permissive mode then you will have AVC messages 
> logged about operations that would be denied if you were in enforcing mode 
> (so your machine will still work).  If you send us these messages then we can
> help you fix the problems.

When I had setenforce set to 0 before, things still messed up. I'll try it
again.

Is it a problem I ended up with multiple copies of the policy packages? Is this
supposed to happen?

policy-sources-1.9.2-10
policy-sources-1.10.2-1
policy-sources-1.10.1-2
policycoreutils-1.10-1
policy-sources-1.9.2-12
policy-1.10.2-1
checkpolicy-1.10-1


I wrote a script to grab all the avc errors, then clean out the message files,
and I found out that in the last 6 days, I have had 1.66 MB of messages. I
assume you don't want those, since a lot of them are from old packages, and
that I should do messages from this point on. I think I'm going to call this
script in /etc/rc.local

Who should I send the audit messages to?

The script:

#!/bin/sh
#extractavc.sh - Made by Brian "netdragon" Bober - appends all avc errors from 
#                /var/log/messages* to /root/avc-errors.log
#                It also backs up the /var/log/messages* files and then clears
#		         the audit messages from it.
avc_file=/root/avc-errors.log
run_date=`date`
run_kernel=`uname -r`
printf "*****************************\n" >> $avc_file
echo "Date: $run_date  |  Kernel: $run_kernel" >> $avc_file
rpm -qa |grep policy >> $avc_file
printf "*****************************\n\n\n" >> $avc_file
echo "Parsing AVC audit errors from log files"
pushd /root > /dev/null
for i in `ls /var/log/message* | grep -v .bak`
do
    echo "   $i"
	cat $i | grep -e "avc" >> $avc_file
	# Remove avc lines
	cp -f $i $i.bak
	cat $i | grep -ve "avc" > tmp.log
	mv -f tmp.log $i
done
printf "\n\n\n\n\n\n\n" >> $avc_file
popd > /dev/null
echo "done."







More information about the fedora-test-list mailing list