Ask Your Question
2

Disable SeLinux Notifications

asked 2014-05-04 02:27:19 -0600

abadrinath gravatar image

Hello!

Every time I login, I get this notification at the bottom of the screen about an AVC denial. When I click on the notification, it sends me to SELinux Alerts. I have tried to disable it from that window by checking No in Do you want to receive alerts?, but that doesn't seem to do much.

I do want SELinux to be on, but just no notifications would be great. How do you disable those notifications?

Thanks,

James

edit retag flag offensive close merge delete

Comments

1

Fix the issue by creating a local policy. Disableing notfications is bad, if you really happen to diagnose why something does not work (i.e. steam) it leaves you in the dark and you got to start grunt log file digging.

drahnr gravatar imagedrahnr ( 2014-05-04 06:14:07 -0600 )edit
1

I agree with drahnr : you'll easily fix the issue by adding some local rule or changing a boolean value, starting from avcs found in /var/log/audit.log, using audit2allow. For example, this command:

grep denied /var/log/audit.log |audit2allow -r

will show you the rules needed for all AVCs currently in audit.log. You may also filter to add only rules for specific one. You need policycoreutils-python rpm installed. Have a look at doc, which contains helpfull information: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Security-Enhanced_Linux

tonioc gravatar imagetonioc ( 2014-05-05 06:23:04 -0600 )edit

Hello tonioc, There is no such file /var/log/audit.log. Is that a typo??

abadrinath gravatar imageabadrinath ( 2014-05-05 06:27:01 -0600 )edit
1

sorry, yes, please read /var/log/audit/audit.log

tonioc gravatar imagetonioc ( 2014-05-05 06:34:16 -0600 )edit

Hello tonioc, I have done that, but I still constantly get the notifications. How do I disable the notification itself? :(

abadrinath gravatar imageabadrinath ( 2014-05-09 02:21:50 -0600 )edit

1 Answer

Sort by ยป oldest newest most voted
1

answered 2014-06-27 13:28:20 -0600

sideburns gravatar image

Turning off SELinux notifications isn't a good idea, but the troubleshooter claims to allow it and should honor your decision. Since it doesn't, your best course of action is to go to the Fedora Bugzilla ( https://bugzilla.redhat.com/ ) register if you haven't already, and open a bug report against the SELinux Troubleshooter. (The programs name, BTW, is sealert, so open a bug against sealert.) Put in the same information you did here, along with anything else you think might be of help. Then, once the bug is opened, post a link to it here so that others can keep track of it if they're interested.

edit flag offensive delete link more

Comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2014-05-04 02:27:19 -0600

Seen: 1,534 times

Last updated: Jun 27 '14