[Novalug] Speaking of SELinux...

Nick Danger nick at hackermonkey.com
Tue Mar 6 13:53:17 EST 2007 

Those messages are strictly informatory. Be careful not to do what I
just did was spend 10 minutes thinking the message is why my daemon
wouldn't run when the message wasn't really the problem ;-)


On Tue, 2007-03-06 at 12:23 -0500, Ken Kauffman wrote:
> 1) The relevant policies for that subsystem are not loaded
> 2) Switching to permissive allows you to debug and tune rules before lockdown
> 3) Yes, they are advisory in Permissive mode.
> 
> 
> On Tue, March 6, 2007 11:39, Clif Flynt wrote:
> > Hi,
> >   I've just set up a Fedora-Core-6 system for use as a mail/httpd server.
> >
> >   I'm seeing a bunch of messages like this in the log file:
> >
> > Mar  4 07:42:27 keep2 kernel: audit(1173012147.439:11): avc:  denied  {
> > read } f
> > or  pid=317 comm="vi" name="src" dev=md0 ino=3794844
> > scontext=user_u:system_r:sy
> > sadm_passwd_t:s0 tcontext=system_u:object_r:src_t:s0 tclass=dir
> >
> > Mar  4 14:29:43 keep2 kernel: audit(1173036583.586:12): avc:  denied  {
> > setfscre
> > ate } for  pid=31553 comm="cp"
> > scontext=root:system_r:bootloader_t:s0-s0:c0.c102
> > 3 tcontext=root:system_r:bootloader_t:s0-s0:c0.c1023 tclass=process
> >
> >   I started with SELinux set to mode permissive, and then totally disabled
> > it, but the messages are still appearing.
> >
> >   The applications it's complaining about don't seem to be failing, so I'm
> > suspecting that this is an advisory message, but I'm not certain.
> > Googling
> > didn't get me the info I need.
> >
> >   So, anyone want to suggest whether this is a functionality problem or
> > just filling log files??
> >
> >   Clif
> > --
> > .... Clif Flynt ... http://www.cflynt.com ... clif at cflynt.com ...
> > .. Tcl/Tk: A Developer's Guide (2nd edition) - Morgan Kauffman ..
> > 14th Annual Tcl/Tk Conference:  Sep 24-28 2007,  New Orleans, LA.
> > .............  http://www.tcl.tk/community/tcl2007/  ............
> >
> >
> > _______________________________________________
> > Novalug mailing list
> > Novalug at calypso.tux.org
> > http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
> >
> 
> 
> _______________________________________________
> Novalug mailing list
> Novalug at calypso.tux.org
> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
>

More information about the Novalug mailing list