_which_ gui tool? The one that works pretty well in Fedora is the selinux troubleshooter. It's an automatic desktop thing with an alerter. It has a details drop down that includes a command line to fix the problem. If you don't clear the tool, you can go back and review past events. <br>
<br>Most of the reports will not be real break in attempts but will be places when an app tried to do a transition that was not allowed (i.e. a selinux policy bug or the app developer changed the way something worked under hood and the selinux team "didn't get the memo".)<br>
<br><div class="gmail_quote">On Fri, Sep 17, 2010 at 3:29 PM, Drifter <span dir="ltr"><<a href="mailto:drifter@oppositelock.org">drifter@oppositelock.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
I tried using the GUI SELinux command tool -- even went to Red Hat's own<br>
"how to" page for the tool. The instructions were incomplete, to say the<br>
least. The tool simply does not work the way it should. It lists all the<br>
programs for which it has a rule set. But there is no obvious way to pull<br>
up the existing rule set for the program in question, in this case abrtd.<br>
The tool will only let you create a new rule set from scratch.<br>
This is STUPID! Then it requires choices without defining them, leaving<br>
the user to guess.<br>
I'm sorry; I tried. This tool is simply not ready for prime time.<br>
SELinux may be a "Good Thing" (tm) but I have had at least a half dozen<br>
SELinux reports in the past month, all of them false alarms. Have set the<br>
damn thing to Permissive Mode.<br>
<br>
Sean<br>
<br>
-----------------------------------------------------------------------------<br>
<div><div></div><div class="h5"><br>
On Friday, September 17, 2010 02:37:20 pm Jim Kinney wrote:<br>
> for that matter you can run windows but you wouldn't want to.<br>
><br>
> SELinux is a good thing. It should be used. When there are bugs they<br>
> should be reported. With a basic target policy it "JustWorks" 99+% of<br>
> the time. That other tiny fraction is not a show stopper 99.9+% of the<br>
> time.<br>
><br>
> So a bit of policy tweaks (the gui tool in Fedora actually will tell<br>
> you the command to run to allow the blocked process) are a good thing<br>
> to learn about.<br>
><br>
> On Fri, Sep 17, 2010 at 2:18 PM, Jim Lynch<br>
<<a href="mailto:ale_nospam@fayettedigital.com">ale_nospam@fayettedigital.com</a>>wrote:<br>
> > You can do what I always do and disable SELinux.<br>
> ><br>
> > Jim.<br>
> ><br>
> > On 09/17/2010 11:52 AM, Drifter wrote:<br>
> > > got this message this morning:<br>
> > ><br>
> > > SELinux denied access requested by abrtd. It is not expected that<br>
> > > this access is required by abrtd and this access may signal an<br>
> > > intrusion attempt. It is also possible that the specific version<br>
> > > or<br>
> > > configuration of the application is causing it to require<br>
> > > additional access.<br>
> > ><br>
> > > All I know about abrtd is what Google turned up:<br>
> > ><br>
> > > abrt is a tool to help users to detect defects in applications and<br>
> > ><br>
> > > to create a bug report with all informations needed by maintainer<br>
> > > to fix<br>
> ><br>
> > it.<br>
> ><br>
> > > It uses plugin system to extend its functionality.<br>
> > > So I think my question is<br>
> > > How do I get SELinux to let the program do its thing?<br>
> > > Or should I just not give a damn?<br>
> > > Sean<br>
> ><br>
> > _______________________________________________<br>
> > Ale mailing list<br>
> > <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> > <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> > See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> > <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>-- <br>James P. Kinney III<br>I would rather stumble along in freedom than walk effortlessly in chains.<br><br><br>