too many sealerts, most have been reported, and still see denials

Justin P. Mattock justinmattock at gmail.com
Sat Sep 12 21:12:42 UTC 2009 

Antonio Olivares wrote:
>> Not exactly sure whats happening. keep in mind
>> if your using a development versions of fedora,
>> then you will run into issues.(if your on stable then
>> you should be fine).
>>
>>      
> I knew that ahead of time, but it did not seem to be this troublesome this time with Fedora 12.  I have been testing since Fedora 5 Test 2 release and have not encountered as many denials as I have in this Fedora 12 testing phase.  Guess many don't complain because they run selinux disabled selinux=0, or enforcing=0 so they don't care to report the issues?
>
>    
depends, some people dislike SELinux, and some use it without
issues. I personally have taken a liking to using SELinux, although
sometimes do get myself in a jam, with some wrong configuration
that causes a bit of frustration.

As for the latest fedora(haven't tried 12) thought the system was
very well built.
>> As for the avc's being generated, tough to say
>> As of now I'm running the latest policy, with a custom
>> built system(LFS).
>> One thing for sure, is if  I move to a newer system
>> there will be issues with gnome and the latest refpolicy
>> due to the heavy development with refpolicy, and gnome.
>>
>> Have you tried using a different policy other than what
>> fedora has?
>>      
>
> I don't know much about this :(, I am just using default Fedora policies.  I guess I just need to be patient and let things work out one by one.  When I get more pops and alerts, I should post here and to bugzilla and hope that the illness' are cured :)
>
> Regards,
>
> Antonio
>
>
>
>
>    
That's fine.
Sometimes these avc's might be being generated
by a mislabel somewhere. If you can try and locate
the location of what is being fired off(the avc denial should show you)
then use:
restorecon -R /tosomedir
and see if this fixes your issue.
if not try the #selinux irc list to see if somebody can help
or the SELinux mailing lists(but keep in mind it is the weekend
and those guys are normally off of work).

And also don't worry, Ill try and help you out as much as
I can.(doing a git bisect so I have plenty of time).

Justin P. Mattock

More information about the fedora-selinux-list mailing list