On Fri, June 22, 2012 16:38, m.roth at 5-cent.us wrote: > > Not true. It will issue an AVC every time something tries to happen. > Big things to know: > a) ll -Z shows you the selinux context > b) chcon [-R] -[urt] <whatever> <file or directory> > c) getsebool and setsebool > > mark If you are working with SELinux issues then the following are most helpful to have installed: setools-libs.x86_64 3.3.7-4.el6 setools-libs-python.x86_64 3.3.7-4.el6 setroubleshoot-plugins.noarch 3.0.16-1.el6 setroubleshoot-server.x86_64 3.0.38-2.1.el6 The files you need be aware of are: /var/log/messages /var/log/audit/audit.log There are several utilities to be aware (and refer to the man pages) of: # audit2allow # audit2why # ausearch # chcon # getenforce # getsebool # restorecon # sealert # semanage # semodule # setenforce # setsebool # system-config-securitylevel You will also find large measures of patience and forbearance to be of value. For issues about missing policies and contexts and developing same you should monitor the SELinix policy mailing list at refpolicy at oss1.tresys.com. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3