| 1 |
On Tue, Aug 21, 2012 at 09:14:39AM +0200, f.p.barile@×××××.com2 wrote: |
| 2 |
> Hello to all the list. I need your help to understand what's wrong here. |
| 3 |
> I tried to convert my laptop to a selinux profile (targeted) several |
| 4 |
> times following the documentation step by step. |
| 5 |
|
| 6 |
Hi F.P. |
| 7 |
|
| 8 |
First of all, thanks for trying the SELinux stuff out. I'm pretty sure we |
| 9 |
can help you further and fix things so that others don't get the same |
| 10 |
problems. |
| 11 |
|
| 12 |
> 1) it seems like some part of hardware can't be revealed in enforcing |
| 13 |
> mode: Pulseaudio can't see the soundcard, powerdevil can't see power |
| 14 |
> statistics, newly atttached usb drives are ingored. Obviously |
| 15 |
> selinux-consolekit, selinux-policykit and selinux-dbus are installed. |
| 16 |
|
| 17 |
It is best to look at the AVC denials that come up when you launch |
| 18 |
pulseaudio, powerdevel etc. one by one. Providing all possible denials will |
| 19 |
make it much more difficult to fine-tune the problems. |
| 20 |
|
| 21 |
What I usually do to debug issues is to do: |
| 22 |
|
| 23 |
~# tail -f /var/log/avc.log |
| 24 |
|
| 25 |
Then perform one activity (1) that doesn't work. For instance, try to play |
| 26 |
an MP3/OGG file which fails. Then look at the denials that came up right |
| 27 |
when you did that action. |
| 28 |
|
| 29 |
> 3) Logging in root with su or kdesu (in X environment) takes too long: |
| 30 |
> if the password I write is ok, it takes even some minute to give me the |
| 31 |
> root shell. |
| 32 |
|
| 33 |
Here too looking at the AVC denials that come up right then would be |
| 34 |
interesting. However, in this case it is best to also provide the output of |
| 35 |
"id -Z" right before you switch root, and right after. |
| 36 |
|
| 37 |
Wkr, |
| 38 |
Sven Vermeulen |
Archives