[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Selinux and Firefox



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matthew Saltzman wrote:
> On Sun, 2008-12-07 at 20:44 -0600, Mikkel L. Ellertson wrote:
>> Jim wrote:
>>> stan wrote:
>>>> I don't run KDE and SELinux is Greek to me, but what is the error
>>>> message, and does SETroubleshooter (the yellow star) recommend a fix? 
>>>> That will probably help others respond.
>>>>
>>> It was the /user/.macromedia directory that was causing Selinux to send
>>> errors, I ran the recommened command to correct selinux but that didn't
>>> help so I just sent the .macromedia directory to the trashcan and it
>>> regenerated a new .macromedia directory and no more problems with Selinux.
>>>
>> One thing that can be a problem with the SELinux messages is that
>> they usually do not provide the full path to the file you need to
>> change the context of - it is usually something like ./<file> witch
>> only works if you are in the correct directory when you try to
>> change the context.
> 
> It would be nice if the full path were reported, but one can often find
> the relevant file with just a 'locate' and a little common sense
> (your .sig quote notwithstanding).
> 
>> Mikkel
Yes, sadly this is a kernel issue, the kernel only has an Inode at the
time of the AVC and is unable to regenerate the complete path.  You can
turn on full auditing but this hits you with a 5% hit on permformance,
not considered worth it.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkk+150ACgkQrlYvE4MpobP2/wCgwduBtlZBFyajfjb4/ZZH65Hn
DnAAniCkskXpZw9E7UiK8+tuwvrUPiy7
=XLf7
-----END PGP SIGNATURE-----


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]