Red Hat Bugzilla – Bug 477780
RFE: AVC denial notifications configuration.
Last modified: 2008-12-23 13:43:20 EST
Description of problem:
As the title suggests - I have a certain script that, unless it's being executed from the right context, generates a huge amount of AVC denials. (I'm in the process of fixing this.)
Problem is, when the first denial hits, the user gets a notification and opens the setroubleshoot browser - which doesn't stop the flood of libnotify pop-ups...
I'd propose the following user-defined configuration:
1. Disable SELinux notification.
2. Disable SELinux notification when setroubleshoot browser is active and in focus.
3. Full SELinux notification. (Even when the setroubleshoot browser is active.)
This functionality is already present.
If this is the same AVC which keeps triggering it then all you need to do is check the "Quiet" checkbox in the browser, as long as that is checked you won't get any notifications for that alert.
You can also edit /etc/setroubleshoot/setroubleshoot.cfg and modify the use_notification parameter. Its values are documented in the config file. You'll have to restart sealert for it to take effect. Here is the doc for use_notification:
Control balloon notification. Possible values: always,never,browser_hidden "always" will
always display the notification. "never" disables notification completely. "browser_hidden" displays the notification
but only if the alert browser is not visible. Note: individual alerts can be flagged as silent disabling notification
for a specific alert, this parameter does not override that.
Nevertheless, would it be possible to add some information about this cfg to the selart man page? (A normal 'man -k setroubleshoot' and/or Google search about configuring SELinux notification returns more-or-less nothing; same goes for 'man sealert'; in essence, you must be aware of setroubleshoot.cfg beforehand.)
Beyond that, I've set setroubleshoot.cfg's use_notification to browser_hidden and restarted the setroubleshoot service.
Ran the script, first notification, started the browser... and the notification kept coming. Should I open a separate bug report?