On Saturday, January 07, 2012 11:15:35 AM Bennett Haselton wrote:
> Hence the idea for having SELinux send messages to the terminal saying 
> "SELinux blocked such-and-such".  There's probably some better way.

Huh?

CentOS has done this by default since CentOS 4.  At least I see 
SELinux-generated 'denied' AVC's on a couple of internal C4 machines where I'm 
running SELinux in permissive mode and I see the denials on a text console.  
All my CentOS 5 boxes have SELinux on and enforcing, but I haven't seen any avc 
denials in the logs or on the console, nor have I done anything 'weird' on 
those boxes....

The graphical GNOME installation pops up a tooltip-style balloon when SELinux 
denials are found, at least with CentOS 6.  Haven't tried with C5.

Now, nowhere in the logged message does it say 'SELinux' but a google for the 
text found in such an avc denial log entry brings up what you need to know.  
Here's an example:
audit(1325941406.515:467): avc:  denied  { write } for  pid=6609 
comm="postmaster" name="1262" dev=dm-0 ino=2016007 
scontext=root:system_r:postgresql_t tcontext=user_u:object_r:var_t tclass=file

(I know how to fix it, I just haven't).  This by default comes to the 
/dev/console device along with being logged in dmesg and elsewhere.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
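
Added example (not part of the original message): a small Python parser for AVC denial records like the one quoted above. It splits a record into its fields and renders a one-line message that names SELinux explicitly. The function names and the output wording are assumptions of this example; the sample record is the one from the message, rejoined onto a single line.

```python
import re
from datetime import datetime, timezone

# AVC record from the message above, rejoined onto a single line.
SAMPLE = ('audit(1325941406.515:467): avc:  denied  { write } for  pid=6609 '
          'comm="postmaster" name="1262" dev=dm-0 ino=2016007 '
          'scontext=root:system_r:postgresql_t '
          'tcontext=user_u:object_r:var_t tclass=file')

# Header: timestamp, serial number, result and the permission set in braces.
HEADER = re.compile(
    r'audit\((?P<epoch>\d+)\.(?P<ms>\d+):(?P<serial>\d+)\):\s+avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
# Remaining key=value pairs; values may be double-quoted and contain spaces.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of the record's fields, or None if it is not an AVC record."""
    m = HEADER.search(line)  # search() also accepts a 'type=AVC msg=' prefix
    if m is None:
        return None
    rec = {key: val.strip('"') for key, val in FIELD.findall(m.group('rest'))}
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    rec['serial'] = int(m.group('serial'))
    rec['time'] = datetime.fromtimestamp(int(m.group('epoch')), tz=timezone.utc)
    return rec


def context_type(context):
    """Extract the type field from a user:role:type[:level] security context."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else context


def describe(rec):
    """Render the record as one line that says 'SELinux' (wording is assumed)."""
    return ('SELinux {} {} on {} "{}": process "{}" (pid {}, domain {}) '
            'vs. target type {}'.format(
                rec['result'], '/'.join(rec['perms']), rec['tclass'],
                rec.get('name', rec.get('path', '?')), rec['comm'], rec['pid'],
                context_type(rec['scontext']), context_type(rec['tcontext'])))


if __name__ == '__main__':
    print(describe(parse_avc(SAMPLE)))
```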
