On Fri, June 22, 2012 16:38, m.roth@5-cent.us wrote:

Not true. It will issue an AVC every time something tries to happen. Big things to know: a) ll -Z shows you the selinux context b) chcon [-R] -[urt] <whatever> <file or directory> c) getsebool and setsebool

 mark

If you are working with SELinux issues then the following are most helpful to have installed:

setools-libs.x86_64 3.3.7-4.el6 setools-libs-python.x86_64 3.3.7-4.el6 setroubleshoot-plugins.noarch 3.0.16-1.el6 setroubleshoot-server.x86_64 3.0.38-2.1.el6

The files you need be aware of are:

/var/log/messages /var/log/audit/audit.log

There are several utilities to be aware (and refer to the man pages) of:

# audit2allow # audit2why # ausearch # chcon # getenforce # getsebool # restorecon # sealert # semanage # semodule # setenforce # setsebool # system-config-securitylevel

You will also find large measures of patience and forbearance to be of value.

For issues about missing policies and contexts and developing same you should monitor the SELinix policy mailing list at refpolicy@oss1.tresys.com.