AVC denied messages from booting?

Russell Coker russell at coker.com.au
Sun Mar 7 03:59:07 UTC 2004


On Sun, 7 Mar 2004 12:59, "Richard Hally" <rhally at mindspring.com> wrote:
> I'm running in SELinux permissive mode and after booting up to runlevel 5
> and logging in, I look at /var/log/messages and see quite few AVC denied
> messages. Is this happening on other peoples systems?

Yes.  Please attach the list of messages and we'll fix them.

> I have been downloading all the latest policy (and related) packages and
> the rest of the /development tree for the last few weeks but it doesn't
> look like there are fewer AVC denied messages each time I boot with each
> new kernel and policy. Should I expect the default policy to allow me to
> boot an "Everything installed"  /development updated system with no AVC
> denied messages? At some point in the near future?
> More generally, what is the Red Hat plan and objective for developing the
> policy they package?

There should be very few AVC messages.  In some cases applications may attempt 
things that they shouldn't do but which are not suitable for dontaudit rules, 
so we won't get to 0 AVC messages without changing some code.



PS  The below information was contained in the attachment to your message.  
You might want to turn that off and then rename the directory for security 
reasons.

C:\Documents and Settings\richard\Application 
Data\Microsoft\Outlook\outlook.pst

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page




More information about the fedora-selinux-list mailing list