Daniel J Walsh wrote:
> On 03/04/2010 01:33 PM, Temlakos wrote:
>
>> Dominick Grift wrote:
>>
>>
>>> On 03/04/2010 07:14 PM, Temlakos wrote:
>>>
>>>
>>>
>>>
>>>> Anyway--in case I have to use that installer again, as I think I
>>>> might,
>>>> I'd like to have somebody go over those alerts--because they /have/
to
>>>> be related, somehow. Here they are again:
>>>>
>>>>
>>>>
>>> Just a comment:
>>>
>>> ausearch -m avc -ts ... does not show all denials in
>>> /var/log/audit/audit.log
>>>
>>> There could also be user space AVC denials present which can be
>>> listed with:
>>>
>>> ausearch -m user_avc -ts ...
>>>
>>> In some rare cases sone AVC denials may end up in dmesg and/or
>>> /var/log/messages.
>>>
>>> Unfortunately i do not see anything in your enclosed AVC denials that i
>>> suspect may be related to your issue. Hopefully someone else does.
>>>
>>>
>>>
>>>
>> Well, I just tried searching on user_avc, even after un-hiding the
>> alerts. Result:
>>
>> <no matches>
>>
>> So what I submitted, has to be it.
>>
>> But: might this have anything to do with it? I'm using KDE now, and one
>> of the things that the installer had to do was to get into KWallet, and
>> for that the system asked for my KWallet password, which I gave.
>>
>> I'm new to KDE, and I'm surprised that I didn't use it earlier. KDE
has
>> an automatic package installer that has already made my life a lot
>> simpler, and when I realized that I was using a lot of KDE-specific
>> apps, KDE was the logical choice. But maybe KDE has some subtleties that
>> occasionally create a security problem in a security-enhanced
>> environment.
>>
>> Temlakos
>> --
>> selinux mailing list
>> selinux(a)lists.fedoraproject.org
>>
https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
>>
>>
>>
> I have seen installations trip over execmod,execmem and execstack checks.
>
> Also if the tools use java, it can do some stuff that SELinux does not
> like.
>
> getsebool allow_execstack allow_execmem allow_execmod
>
>
>
allow_execstack --> on
allow_execmem --> on
allow_execmod --> off
OK, what next?
Temlakos
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux