-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/21/2010 02:34 AM, Robert Nichols wrote:
What, in the hopelessly complex chain of process startups, is supposed to start setroubleshootd?
setroubleshootd is now a dbus service. It is supposed to be started when and AVC arrives or you start the sealert browser. It dies 10 seconds after the last connection/AVC arrival.
This link describes how it is supposed to work. http://danwalsh.livejournal.com/28828.html
Sounds like you might have found a bug in setroubleshoot. Setroubleshoot will also command suicide if the avc is about itself.
I find it is either not getting started or silently
dieing on my Fedora 12 system. I find I've been getting a bunch of AVCs logged, with no alert of course, and no way to get those AVCs translated with human-readable timestamps so that I have the slightest chance of correlating those with anything else going on in the system. ("sealert -a /var/log/audit/audit.log" just dies with "NameError: global name 'avc' is not defined".)
You can see the AVC's via ausearch.
ausearch -m avc -ts recent
To show recent avc's
ausearch -m avc -ts today
To show todays AVCs
The manpage for sealert mentions a GUI browser. That must have been in somebody's wet dream, because there is no such thing. Regardless of how sealert is started, the GUI menu discussed in the manpage does not exist.
Applications/System Tools/SELinux Troubleshooter sealert -b will launch the browser.
man sealert ... -b --browser Launch the browser
If the browser is blowing up you could just execute sealert -S
And see if it is throwing an exception.
Again, SElinux turns out to be a bigger pain than anything it is supposedly protecting against.
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Send me the output of ausearch -m avc -ts today and I will see what is going on.