Bug 641170 - Troubleshooter triggered but no alert reported
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: setroubleshoot
Version: 14
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2010-10-07 22:27 UTC by Christopher Beland
Modified: 2010-12-22 00:06 UTC (History)

Fixed In Version: setroubleshoot-3.0.15-1.fc14
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-12-22 00:01:54 UTC
Type: ---
Embargoed:



Description Christopher Beland 2010-10-07 22:27:14 UTC
I have experienced some SELinux alerts in the past, some of which I reported, some of which I restored context to fix, and some of which I checked the Ignore box in the GUI.  Other than that, I haven't changed any of the default settings since Fedora 14 Alpha.

I applied the selinux-policy update earlier today, and rebooted.  A few times thereafter, the alert icon popped up on my Gnome desktop, but when I clicked it, the SELinux Troubleshoot Browser reported "No alerts to view".

selinux-policy-3.9.5-7.fc14.noarch
selinux-policy-targeted-3.9.5-7.fc14.noarch
setroubleshoot-2.2.100-1.fc14.x86_64
setroubleshoot-server-2.2.100-1.fc14.x86_64
setroubleshoot-plugins-2.1.61-1.fc14.noarch

Comment 1 Daniel Walsh 2010-10-08 12:57:48 UTC
Could you run 
# ausearch -m avc

to see the most recent AVCs?

Comment 2 Christopher Beland 2010-10-12 15:42:13 UTC
I got a troubleshooter icon this morning (October 12) after rebooting (there was an update to selinux-policy-3.9.5-10.fc14.noarch), but the latest alert reported by "ausearch -m avc" is:

>>
time->Wed Oct  6 12:23:42 2010
type=SYSCALL msg=audit(1286382222.913:22918): arch=c000003e syscall=2 success=yes exit=18 a0=7ff67c2183a0 a1=0 a2=1b6 a3=0 items=0 ppid=3634 pid=3690 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-containe" exe=2F7573722F6C696236342F78756C72756E6E65722D312E392E322F706C7567696E2D636F6E7461696E65722E237072656C696E6B232E314F67706779202864656C6574656429 subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1286382222.913:22918): avc:  denied  { open } for  pid=3690 comm="plugin-containe" name="settings.sol" dev=sda1 ino=1578843 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file
type=AVC msg=audit(1286382222.913:22918): avc:  denied  { read } for  pid=3690 comm="plugin-containe" name="settings.sol" dev=sda1 ino=1578843 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file
<<

(And that is related to the 64 bit Flash plugin I recently installed.)
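
Added example, not part of the original thread: a small Python parser for the `ausearch -m avc` output quoted in the comment above. It groups records by audit serial, merges the denied permissions, and decodes the hex-encoded `exe=` field. The function names are hypothetical, and the sample is the quoted event with unused SYSCALL fields dropped.

```python
import re
from collections import defaultdict

# The three records quoted above; unused SYSCALL fields dropped for width.
SAMPLE = """\
type=SYSCALL msg=audit(1286382222.913:22918): arch=c000003e syscall=2 success=yes exit=18 pid=3690 comm="plugin-containe" exe=2F7573722F6C696236342F78756C72756E6E65722D312E392E322F706C7567696E2D636F6E7461696E65722E237072656C696E6B232E314F67706779202864656C6574656429 subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1286382222.913:22918): avc:  denied  { open } for  pid=3690 comm="plugin-containe" name="settings.sol" dev=sda1 ino=1578843 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file
type=AVC msg=audit(1286382222.913:22918): avc:  denied  { read } for  pid=3690 comm="plugin-containe" name="settings.sol" dev=sda1 ino=1578843 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file
"""

HEADER = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")

def decode(value):
    """auditd quotes safe strings and hex-encodes ones with spaces or odd bytes."""
    if value.startswith('"'):
        return value[1:-1]
    if len(value) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", value):
        return bytes.fromhex(value).decode("utf-8", "replace")
    return value

def summarize(text):
    """Merge all records that share an audit serial into one event summary."""
    events = defaultdict(lambda: {"perms": set()})
    for line in text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue
        rtype, _stamp, serial = head.groups()
        fields = dict(FIELD.findall(line[head.end():]))
        event = events[serial]
        denied = DENIED.search(line)
        if rtype == "AVC" and denied:
            event["perms"].update(denied.group(1).split())
            event["name"] = decode(fields.get("name", ""))
            event["source"] = fields.get("scontext")
            event["target"] = fields.get("tcontext")
        elif rtype == "SYSCALL":
            event["exe"] = decode(fields["exe"])
            # success=yes next to a denial: the access was logged, not blocked
            # (permissive mode or a permissive domain).
            event["blocked"] = fields["success"] != "yes"
    return dict(events)
```
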

Comment 3 Daniel Walsh 2010-10-12 17:32:27 UTC
Did you remove ~/.setroubleshoot file?

All sealert is trying to do is look at ~/.setroubleshoot and compare the last avc as recorded there versus what the system is now reporting.

Comment 4 Christopher Beland 2010-10-13 14:33:07 UTC
I hadn't touched it, but if I now remove ~/.setroubleshoot, that doesn't seem to change the output of "ausearch -m avc", but then I do have 7 alerts showing up after I run seapplet.

The problem of course is that I don't want to be bothered by the applet icon showing up when the only alerts that have occurred are ones I have told it to ignore.

The contents of ~/.setroubleshoot were:
>>
dontnotify=700f4b6e-ed7d-4590-814b-a5aee0fcfb30,b0ef4dd8-2ae8-49d1-ae8f-d92c77d9f94a,99f28c26-8c81-42f6-ac96-73bd75805a2b,23a7a23a-e888-406f-b9d9-c2c28e52e92e,0c964667-c74f-413e-a23f-7dbb41314a07,64892b18-2047-4c88-9ec5-bea58ed9de1e,117c34d4-2b82-4dce-8248-0b9e7f97d8b2,c1b665af-7920-409f-aa29-1f18c6913e54,c93a2c1a-3e0b-43be-b9c2-0c61a4accf39
pos=
bugzilla_user=beland.edu
<<

I went through and checked "Ignore alert" for all but the first (for which I restored context and deleted).  I note that if I hit "Previous" or "Next" to navigate through the list, the "Ignore Alert" checkbox for any alert I have already asked the system to ignore is now unchecked.  Perhaps there are deeper problems with the "ignore alert" mechanism?

After closing seapplet, the contents of ~/.setroubleshoot are now:
>>
dontnotify=23a7a23a-e888-406f-b9d9-c2c28e52e92e,0c964667-c74f-413e-a23f-7dbb41314a07,117c34d4-2b82-4dce-8248-0b9e7f97d8b2,c1b665af-7920-409f-aa29-1f18c6913e54,c93a2c1a-3e0b-43be-b9c2-0c61a4accf39,64892b18-2047-4c88-9ec5-bea58ed9de1e
last=64892b18-2047-4c88-9ec5-bea58ed9de1e
pos=23a7a23a-e888-406f-b9d9-c2c28e52e92e
<<
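
Added example, not part of the original thread and not setroubleshoot's own code: a Python comparison of the two `~/.setroubleshoot` snapshots quoted in the comment above, showing which ignored alert IDs disappeared and whether the recorded `last` alert is one the user asked to ignore. It assumes the file is plain `key=value` lines with a comma-separated `dontnotify` list, as shown in that comment; the function names are hypothetical.

```python
# Snapshots copied from the comment above (the bugzilla_user line is omitted).
BEFORE = """\
dontnotify=700f4b6e-ed7d-4590-814b-a5aee0fcfb30,b0ef4dd8-2ae8-49d1-ae8f-d92c77d9f94a,99f28c26-8c81-42f6-ac96-73bd75805a2b,23a7a23a-e888-406f-b9d9-c2c28e52e92e,0c964667-c74f-413e-a23f-7dbb41314a07,64892b18-2047-4c88-9ec5-bea58ed9de1e,117c34d4-2b82-4dce-8248-0b9e7f97d8b2,c1b665af-7920-409f-aa29-1f18c6913e54,c93a2c1a-3e0b-43be-b9c2-0c61a4accf39
pos=
"""
AFTER = """\
dontnotify=23a7a23a-e888-406f-b9d9-c2c28e52e92e,0c964667-c74f-413e-a23f-7dbb41314a07,117c34d4-2b82-4dce-8248-0b9e7f97d8b2,c1b665af-7920-409f-aa29-1f18c6913e54,c93a2c1a-3e0b-43be-b9c2-0c61a4accf39,64892b18-2047-4c88-9ec5-bea58ed9de1e
last=64892b18-2047-4c88-9ec5-bea58ed9de1e
pos=23a7a23a-e888-406f-b9d9-c2c28e52e92e
"""

def parse_state(text):
    """Parse key=value lines; dontnotify becomes a list of alert IDs."""
    state = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            state[key.strip()] = value.strip()
    state["dontnotify"] = [i for i in state.get("dontnotify", "").split(",") if i]
    return state

def compare(before_text, after_text):
    """Report how the ignore list changed between two snapshots."""
    before, after = parse_state(before_text), parse_state(after_text)
    old, new = set(before["dontnotify"]), set(after["dontnotify"])
    return {
        "dropped": sorted(old - new),   # IDs no longer ignored (or deleted)
        "added": sorted(new - old),     # IDs newly ignored
        # True when the most recent recorded alert is itself an ignored one.
        "last_is_ignored": after.get("last") in new,
    }

if __name__ == "__main__":
    for key, value in compare(BEFORE, AFTER).items():
        print(key, value)
```
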

Comment 5 Daniel Walsh 2010-10-13 15:15:40 UTC
Why not just delete them?  The ignore stuff does not always work properly.  Are you getting the same AVC repeatedly and you just say ignore so it does not bother you any longer?

Comment 6 Christopher Beland 2010-10-13 16:09:57 UTC
Yes, I don't expect the Flash-related violations to be fixed anytime soon, so I wish to simply ignore any future instance of the same violations.

Comment 7 Fedora Update System 2010-12-13 22:42:06 UTC
setroubleshoot-3.0.15-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/setroubleshoot-3.0.15-1.fc14

Comment 8 Fedora Update System 2010-12-13 22:42:18 UTC
setroubleshoot-plugins-3.0.8-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/setroubleshoot-plugins-3.0.8-1.fc14

Comment 9 Fedora Update System 2010-12-15 08:55:44 UTC
setroubleshoot-3.0.15-1.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update setroubleshoot'.
You can provide feedback for this update here: https://admin.fedoraproject.org/updates/setroubleshoot-3.0.15-1.fc14

Comment 10 Fedora Update System 2010-12-22 00:00:37 UTC
setroubleshoot-plugins-3.0.8-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2010-12-22 00:05:27 UTC
setroubleshoot-3.0.15-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

