Hi,
I recently discovered setroubleshoot, a wonderful tool that helps diagnose and resolve selinux problems, even if you really do not understand selinux. I need to read up on selinux and get to where I understand it much better.
I'm wondering if there is a text only version of setroubleshoot that runs on a minimal server configuration without X installed?
On Fri, 27 Jul 2007, drew einhorn wrote:
Hi,
I recently discovered setroubleshoot, a wonderful tool that helps diagnose and resolve selinux problems, even if you really do not understand selinux. I need to read up on selinux and get to where I understand it much better.
I'm wondering if there is a text only version of setroubleshoot that runs on a minimal server configuration without X installed?
Not that I am aware of but there is sealert -l in C5. Avc messages show up in the logs like the following:
Jul 27 13:04:23 calamari setroubleshoot: SELinux is preventing samba (/usr/sbin/smbd) "search" to bin (bin_t). For complete SELinux messages. run sealert -l ca16f5d1-dd8a-4c9f-a535-1ff823c14583
The sealert thing displays information similar to setroubleshootd.
Hope this helps,
On 7/27/07, Tom Diehl <tdiehl@rogueind.com > wrote:
On Fri, 27 Jul 2007, drew einhorn wrote:
Hi,
I recently discovered setroubleshoot, a wonderful tool that helps diagnose and resolve selinux problems, even if you really do not understand selinux. I need to read up on selinux and get to where I understand it much better.
I'm wondering if there is a text only version of setroubleshoot that runs on a minimal server configuration without X installed?
Not that I am aware of but there is sealert -l in C5. Avc messages show up in the logs like the following:
Jul 27 13:04:23 calamari setroubleshoot: SELinux is preventing samba (/usr/sbin/smbd) "search" to bin (bin_t). For complete SELinux messages. run sealert -l ca16f5d1-dd8a-4c9f-a535-1ff823c14583
The sealert thing displays information similar to setroubleshootd.
Hope this helps,
sealert is part of the setroubleshoot package and the setroubleshoot package requires gnome, pygtk2, ...
It would be very helpful if there was a way to split the basic text based part and the X based part into separate packages.
--
Tom Diehl tdiehl@rogueind.com Spamtrap address mtd123@rogueind.com _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
--On Friday, July 27, 2007 12:48 PM -0600 drew einhorn drew.einhorn@gmail.com wrote:
It would be very helpful if there was a way to split the basic text based part and the X based part into separate packages.
Agreed. I run a couple headless C5 servers now (mail and web) and would like a way to debug the SELinux problems with just an ssh console.
-
drew einhorn -
Kenneth Porter -
Tom Diehl