<p>That's a policy writing tool<br>
Grep for setroubleshoot in rpm -qa output</p>
<p>On Sep 17, 2010 9:43 PM, "Drifter" <<a href="mailto:drifter@oppositelock.org">drifter@oppositelock.org</a>> wrote:<br type="attribution">> Jim,<br>> What I used was system-config-selinux.<br>> <br>
> Sean<br>> <br>> -----------------------------------------------------------------------<br>> <br>> On Friday, September 17, 2010 03:48:44 pm Jim Kinney wrote:<br>>> _which_ gui tool? The one that works pretty well in Fedora is the<br>
>> selinux troubleshooter. It's an automatic desktop thing with an<br>>> alerter. It has a details drop down that includes a command line to<br>>> fix the problem. If you don't clear the tool, you can go back and<br>
>> review past events.<br>>> <br>>> Most of the reports will not be real break in attempts but will be<br>>> places when an app tried to do a transition that was not allowed (i.e.<br>>> a selinux policy bug or the app developer changed the way something<br>
>> worked under hood and the selinux team "didn't get the memo".)<br>>> <br>>> On Fri, Sep 17, 2010 at 3:29 PM, Drifter <<a href="mailto:drifter@oppositelock.org">drifter@oppositelock.org</a>> <br>
> wrote:<br>>> > I tried using the GUI SELinux command tool -- even went to Red Hat's<br>>> > own "how to" page for the tool. The instructions were incomplete,<br>>> > to say the least. The tool simply does not work the way it should.<br>
>> > It lists all the programs for which it has a rule set. But there is<br>>> > no obvious way to pull up the existing rule set for the program in<br>>> > question, in this case abrtd. The tool will only let you create a<br>
>> > new rule set from scratch. This is STUPID! Then it requires choices<br>>> > without defining them, leaving the user to guess.<br>>> > I'm sorry; I tried. This tool is simply not ready for prime time.<br>
>> > SELinux may be a "Good Thing" (tm) but I have had at least a half<br>>> > dozen SELinux reports in the past month, all of them false alarms. <br>>> > Have set the damn thing to Permissive Mode.<br>
>> > <br>>> > Sean<br>>> > <br>>> > <br>>> > ---------------------------------------------------------------------<br>>> > --------<br>>> > <br>>> > On Friday, September 17, 2010 02:37:20 pm Jim Kinney wrote:<br>
>> > > for that matter you can run windows but you wouldn't want to.<br>>> > > <br>>> > > SELinux is a good thing. It should be used. When there are bugs<br>>> > > they should be reported. With a basic target policy it "JustWorks"<br>
>> > > 99+% of the time. That other tiny fraction is not a show stopper<br>>> > > 99.9+% of the time.<br>>> > > <br>>> > > So a bit of policy tweaks (the gui tool in Fedora actually will<br>
>> > > tell you the command to run to allow the blocked process) are a<br>>> > > good thing to learn about.<br>>> > > <br>>> > > On Fri, Sep 17, 2010 at 2:18 PM, Jim Lynch<br>
>> > <br>>> > <<a href="mailto:ale_nospam@fayettedigital.com">ale_nospam@fayettedigital.com</a>>wrote:<br>>> > > > You can do what I always do and disable SELinux.<br>>> > > > <br>
>> > > > Jim.<br>>> > > > <br>>> > > > On 09/17/2010 11:52 AM, Drifter wrote:<br>>> > > > > got this message this morning:<br>>> > > > > <br>
>> > > > > SELinux denied access requested by abrtd. It is not expected<br>>> > > > > that this access is required by abrtd and this access may<br>>> > > > > signal an intrusion attempt. It is also possible that the<br>
>> > > > > specific version or<br>>> > > > > configuration of the application is causing it to require<br>>> > > > > additional access.<br>>> > > > > <br>
>> > > > > All I know about abrtd is what Google turned up:<br>>> > > > > <br>>> > > > > abrt is a tool to help users to detect defects in applications<br>>> > > > > and<br>
>> > > > > <br>>> > > > > to create a bug report with all informations needed by<br>>> > > > > maintainer to fix<br>>> > > > <br>>> > > > it.<br>
>> > > > <br>>> > > > > It uses plugin system to extend its functionality.<br>>> > > > > So I think my question is<br>>> > > > > How do I get SELinux to let the program do its thing?<br>
>> > > > > Or should I just not give a damn?<br>>> > > > > Sean<br>>> > > > <br>> _______________________________________________<br>> Ale mailing list<br>> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</a><br>> See JOBS, ANNOUNCE and SCHOOLS lists at<br>> <a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a><br>
</p>