Query regarding booleans

Daniel J Walsh dwalsh at redhat.com
Thu Feb 12 13:53:11 UTC 2009



Deependra Singh Shekhawat wrote:
> Sorry,
> 
> My gmail is not configured properly and by default it is sending reply
> to you and not the list.
> 
> Yes I am using RHEL 5 update 2.
> 
> Thanks
> 
> Daniel J Walsh wrote:
>> Deependra Singh Shekhawat wrote:
>>> On Thu, Feb 5, 2009 at 11:26 PM, Stephen Smalley <sds at tycho.nsa.gov> wrote:
>>>> On Wed, 2009-02-04 at 21:18 -0800, Deependra Singh Shekhawat wrote:
>>>>> Greetings,
>>>>>
>>>>>
>>>>>
>>>>> I have written an SELinux policy in Fedora which actually has a
>>>>> boolean declared within the policy, and when the boolean is on some
>>>>> allow rules are written which actually come into the picture. But if the
>>>>> boolean is off, the SELinux denial message doesn't suggest that the user
>>>>> actually switch on the boolean. I have seen that in the normal case with
>>>>> the default booleans this is not the case and the denial actually
>>>>> suggests that the user switch on the boolean. I believe I need to do
>>>>> something more than what I am currently doing; that's why I am asking
>>>>> here.
>>>>>
>>>>>
>>>>>
>>>>> Can you suggest anything regarding this?
>>>> If you feed the denial message to audit2why, does it suggest changing
>>>> the boolean?
>>>>
>>>> --
>>>> Stephen Smalley
>>>> National Security Agency
>>>>
>>>>
>>> Sorry for a late reply.
>>> Yes, it says to look for boolean settings, but it doesn't mention any boolean
>>> name as such.
>>> Thanks
> 
>>> ------------------------------------------------------------------------
>>> --
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>> RHEL5?
> 


RHEL5 audit2allow/audit2why was not as smart as F9/F10, where it can find
a boolean that can satisfy an AVC message.



