On 04/25/2017 06:45 PM, Gordon Messmer wrote: > On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: >> Quick’n’(really) dirty SELinux howto: > > > Alternate process: > > 1: setenforce permissive > 2: tail -f /var/log/audit/audit.log | grep AVC > 3: use the service, exercise each function that's constrained by the > existing policy > 4: copy and paste the output from the terminal used for #2 into > "audit2allow -M <modulename>" > 5: setenforce enforcing > > This process is less iterative, which can save a *lot* of time > building some policies. How do I undo the damage the last attempt caused? I am on the road right now (Venice, IT to speak tomorrow on Identity Oriented Networking), and I left my test system running back home. To get to it is two SSH hops. The WiFi in this hotel is a pain. It times out after 1 hour and you have to do a web access. It does not understand things like IMAP and SSH...