On 03/04/2010 01:33 PM, Temlakos wrote:
Dominick Grift wrote:
> On 03/04/2010 07:14 PM, Temlakos wrote:
>
>
>
>> Anyway--in case I have to use that installer again, as I think I might,
>> I'd like to have somebody go over those alerts--because they /have/ to
>> be related, somehow. Here they are again:
>>
>>
> Just a comment:
>
> ausearch -m avc -ts ... does not show all denials in
> /var/log/audit/audit.log
>
> There could also be user space AVC denials present which can be listed with:
>
> ausearch -m user_avc -ts ...
>
> In some rare cases sone AVC denials may end up in dmesg and/or
> /var/log/messages.
>
> Unfortunately i do not see anything in your enclosed AVC denials that i
> suspect may be related to your issue. Hopefully someone else does.
>
>
>
Well, I just tried searching on user_avc, even after un-hiding the
alerts. Result:
<no matches>
So what I submitted, has to be it.
But: might this have anything to do with it? I'm using KDE now, and one
of the things that the installer had to do was to get into KWallet, and
for that the system asked for my KWallet password, which I gave.
I'm new to KDE, and I'm surprised that I didn't use it earlier. KDE has
an automatic package installer that has already made my life a lot
simpler, and when I realized that I was using a lot of KDE-specific
apps, KDE was the logical choice. But maybe KDE has some subtleties that
occasionally create a security problem in a security-enhanced environment.
Temlakos
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
I have seen installations trip over execmod,execmem and execstack checks.
Also if the tools use java, it can do some stuff that SELinux does not like.
getsebool allow_execstack allow_execmem allow_execmod