On Tue, 11 Jun 2013, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/10/2013 03:31 PM, Michael Hennebry wrote:
On Mon, 10 Jun 2013, m.roth@5-cent.us wrote:
Michael Hennebry wrote:
On Mon, 10 Jun 2013, Michael Hennebry wrote:
On Mon, 10 Jun 2013, m.roth@5-cent.us wrote:
Michael Hennebry wrote: > On Mon, 10 Jun 2013, m.roth@5-cent.us wrote: >> Frank Cox wrote: >>> On Mon, 10 Jun 2013 12:15:15 -0500 (CDT) Michael Hennebry >>> wrote:
<snip>
>> And I trust the filesystem isn't full? Or is selinux >> enforcing? > > The filesystem is not full the workaround works. selinux is set > for enforcing. [hennebry@96-18-56-186 t2]$ ls -Zd /tmp > drwxrwxrwt. root root system_u:object_r:tmp_t:s0 /tmp > > I had no trouble making the absent directory.
Ahhhh... were there any selinux AVCs from when you tried to save before?
<snip> > [root@96-18-56-186 ~]# grep AVC /var/log/audit/audit.log > [root@96-18-56-186 ~]# grep type= /var/log/audit/audit.log | wc 3571 > 52375 814962
ARGH!!! 3571 AVC's.... You need to find out what they're telling you, and
No AVC's at all. The first grep came up empty. I just put in type= to demonstrate that I was getting selinux messages.
fix that, a combination of setsebool, semanage -P <whatever>/restorecon -v <whatever>, and/or grep -i avc | tail 100 | audit2allow to show you what it would do, and check the manpage for audit2allow to get the flags right to create a module that you can then load, as per the examples in the manpage.
There are lots of messages in the audit.log that are not related to SELinux error messages that have type=.
ausearch -m avc,user_avc
WIll show you all AVC messages.
From ausearch, I have AVC messages now,
but they are all from May or from after I posted about evince.
I do not understand why I did not find the May ones with grep. grep still only gives me 7, the ones from June, and does ont give me times, even when I use -e time in the command line.
From gview, .../audit.log does not contain an explicit time.
Is it encoded somehow?