| 1 |
* Dale Pontius <DEPontius@××××××.net> [2006-05-05 03:25]: |
| 2 |
> 2: I've had a very bad time getting avc warnings - to the point that I'm |
| 3 |
> not sure I've ever gotten any, after booting native. Part of the problem |
| 4 |
> was the way I partitioned, and had /var be a symlink. But that's fixed |
| 5 |
> now, I've done the relabel, and still no warnings. A few months back I |
| 6 |
> juggled the partitioning, did another relabel, and still no warnings. |
| 7 |
> I'm not really sure where to start debugging this one. |
| 8 |
|
| 9 |
SELinux needs the audit kernel subsystem to generate avc messages. Did |
| 10 |
you disable CONFIG_AUDIT by any chance? |
| 11 |
|
| 12 |
Thomas |
| 13 |
|
| 14 |
PS: You can also enable CONFIG_AUDIT_SYSCALL, this should give you some |
| 15 |
more information in case of a avc denial. I think that in newer kernels, |
| 16 |
SELinux already depends on the audit system. |
Archives