-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
248 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,211 @@ | ||
| <?xml version="1.0" encoding="UTF-8" standalone="no"?> | ||
| <!-- This file originates from the project https://github.com/openSUSE/doc-kit --> | ||
| <!-- This file can be edited downstream. --> | ||
| <!DOCTYPE assembly | ||
| [ | ||
| <!ENTITY % entities SYSTEM "../common/generic-entities.ent"> | ||
| %entities; | ||
| ]> | ||
| <!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> --> | ||
| <!-- point back to this document with a similar comment added to your legacy doc piece --> | ||
| <!-- refer to README.md for file and id naming conventions --> | ||
| <assembly version="5.2" xml:lang="en" | ||
| xmlns:xlink="http://www.w3.org/1999/xlink" | ||
| xmlns:trans="http://docbook.org/ns/transclusion" | ||
| xmlns:its="http://www.w3.org/2005/11/its" | ||
| xmlns="http://docbook.org/ns/docbook"> | ||
| <!-- resources section references all topic chunks used in the final article | ||
| --> | ||
| <!-- R E S O U R C E S --> | ||
| <!-- Glue files --> | ||
| <resources> | ||
| <resource xml:id="_glue-example" href="../glues/glue.xml"> | ||
| <description>Glue example</description> | ||
| </resource> | ||
| <resource xml:id="_glue-more-info" href="../glues/glue-more-info.xml"> | ||
| <description>Glue for more information</description> | ||
| </resource> | ||
| <resource xml:id="_glue-whats-next" href="../glues/glue-whats-next.xml"> | ||
| <description>Glue what's next</description> | ||
| </resource> | ||
| </resources> | ||
| <!-- Concept files --> | ||
| <resources> | ||
| <resource xml:id="_concept-example" href="../concepts/concept.xml"> | ||
| <description>Concept example</description> | ||
| </resource> | ||
| </resources> | ||
| <!-- Tasks --> | ||
| <resources> | ||
| <resource xml:id="_task-example" href="../tasks/task.xml"> | ||
| <description>Task example</description> | ||
| </resource> | ||
| </resources> | ||
| <!-- References --> | ||
| <resources> | ||
| <resource xml:id="_reference-example" href="../references/reference.xml"> | ||
| <description>Reference example</description> | ||
| </resource> | ||
| </resources> | ||
| <!-- Legal --> | ||
| <resources> | ||
| <resource href="../common/legal.xml" xml:id="_legal"> | ||
| <description>Legal Notice</description> | ||
| </resource> | ||
| <resource href="../common/license_gfdl1.2.xml" xml:id="_gfdl"> | ||
| <description>GNU Free Documentation License</description> | ||
| </resource> | ||
| </resources> | ||
| <!-- S T R U C T U R E --> | ||
| <structure renderas="article" xml:id="article-example" xml:lang="en"> | ||
| <merge> | ||
| <title>Tourbleshooting &selnx; using <command>setroubleshoot</command></title> | ||
| <subtitle>Subtitle if necessary</subtitle> | ||
| <!-- Create revision history to enable versioning; add most recent entries at the top. --> | ||
| <!-- Check https://documentation.suse.com/style/current/single-html/docu_styleguide/#sec-revhistory for detailed instructions--> | ||
| <revhistory xml:id="rh-USE-ROOT-ID"> | ||
| <revision><date>2054-11-14</date> | ||
| <revdescription> | ||
| <itemizedlist> | ||
| <!-- Group by type of change (added/removed/changed)--> | ||
| <listitem><para>Added sections:</para> | ||
| <itemizedlist> | ||
| <!-- Reference, but don't link to tracker items--> | ||
| <!-- Follow https://en.opensuse.org/openSUSE:Packaging_Patches_guidelines#Current_set_of_abbreviations for tracker item references--> | ||
| <listitem><para>New section on <quote>foo</quote> to resolve issue <uri>bsc#12345</uri></para></listitem> | ||
| <!-- Name sections, but don't insert links --> | ||
| <listitem><para>New section on <quote>foo bar</quote></para></listitem> | ||
| </itemizedlist> | ||
| </listitem> | ||
| <listitem><para>Removed sections:</para> | ||
| <itemizedlist> | ||
| <listitem><para>Removed section on <quote>foo1</quote> to resolve issue <uri>bsc#12346</uri></para></listitem> | ||
| <listitem><para>Removed section on <quote>foo1 bar</quote></para></listitem> | ||
| </itemizedlist> | ||
| </listitem> | ||
| <listitem><para>Changed sections:</para> | ||
| <itemizedlist> | ||
| <listitem><para>Changed section on <quote>foo2</quote> to resolve issue <uri>bsc#12347</uri></para></listitem> | ||
| <listitem><para>Changed section on <quote>foo2 bar</quote></para></listitem> | ||
| </itemizedlist> | ||
| </listitem> | ||
| </itemizedlist> | ||
| </revdescription> | ||
| </revision> | ||
| </revhistory> | ||
| <!-- TODO: provide a listing of possible and validatable meta entry values. Maybe in our geekodoc repo? --> | ||
| <!-- add author's e-mail --> | ||
| <meta name="maintainer" content="" its:translate="no"/> | ||
| <!-- ISO date of last update as YYYY-MM-DD --> | ||
| <meta name="updated" content="2037-11-16" its:translate="no"/> | ||
| <!-- this does not work yet. Use the dm tags listed below for now | ||
| <meta name="bugtracker" its:translate="no"> | ||
| <phrase role="url">https://bugzilla.suse.com/enter_bug.cgi</phrase> | ||
| <phrase role="component">Non-product-specific documentation</phrase> | ||
| <phrase role="product">Smart Docs</phrase> | ||
| <phrase role="assignee">[email protected]</phrase> | ||
| </meta> | ||
| --> | ||
| <!-- not supported, yet. Use dm: tag for now | ||
| <meta name="translation" its:translate="no"> | ||
| <phrase role="trans">yes</phrase> | ||
| <phrase role="language">de-de,cs-cz</phrase> | ||
| </meta> | ||
| --> | ||
| <!-- enter the platform identifier or a list of | ||
| identifiers, separated by ; --> | ||
| <!-- For a full list of meta tags and their values, | ||
| see https://confluence.suse.com/x/aQDWNg | ||
| --> | ||
| <meta name="architecture" content="x86;power" its:translate="no"/> | ||
| <meta name="productname" its:translate="no"> | ||
| <!-- enter product name and version --><productname version="X.Y">&productname;</productname> | ||
| </meta> | ||
| <meta name="title" its:translate="yes">short title for SEO and social media, max. 55 chars</meta> | ||
| <meta name="description" its:translate="yes">short description, max. 150 chars</meta> | ||
| <meta name="social-descr" its:translate="yes">ultrashort description for social media, max 55 chars</meta> | ||
| <!-- suitable category, comma-separated list of categories --> | ||
| <meta name="category" content="Systems Management" its:translate="no"/> | ||
| <dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager"> | ||
| <dm:bugtracker> | ||
| <dm:url>https://bugzilla.suse.com/enter_bug.cgi</dm:url> | ||
| <dm:component>Smart Docs</dm:component> | ||
| <dm:product>Documentation</dm:product> | ||
| <!-- provide your BUGZILLA e-mail address, otherwise this does not work correctly--> | ||
| <dm:assignee>[email protected]</dm:assignee> | ||
| </dm:bugtracker> | ||
| <dm:translation>yes</dm:translation> | ||
| </dm:docmanager> | ||
| <abstract> | ||
| <variablelist> | ||
| <varlistentry> | ||
| <term>WHAT?</term> | ||
| <listitem> | ||
| <para> | ||
| A system with &selnx; in the <literal>enforcing</literal> mode may cause access | ||
| denials that may prevent application from running correctly. | ||
| <literal>setroubleshoot</literal> is a tool that inteprets these denial messages in a | ||
| user-friendly way and also suggests possible solutions. | ||
| </para> | ||
| </listitem> | ||
| </varlistentry> | ||
| <varlistentry> | ||
| <term>WHY?</term> | ||
| <listitem> | ||
| <para> | ||
| You want to solve access denials caused by &selnx; without decreasing security of | ||
| your system. | ||
| </para> | ||
| </listitem> | ||
| </varlistentry> | ||
| <varlistentry> | ||
| <term>EFFORT</term> | ||
| <listitem> | ||
| <para> | ||
| TBD | ||
| </para> | ||
| </listitem> | ||
| </varlistentry> | ||
| <varlistentry> | ||
| <term>GOAL</term> | ||
| <listitem> | ||
| <para> | ||
| You will be able to solve &selnx; denial problems. | ||
| </para> | ||
| </listitem> | ||
| </varlistentry> | ||
| <varlistentry> | ||
| <term>REQUIREMENTS</term> | ||
| <listitem> | ||
| <itemizedlist> | ||
| <listitem> | ||
| <para> | ||
| A running system with enabled &selnx;. | ||
| </para> | ||
| </listitem> | ||
| </itemizedlist> | ||
| </listitem> | ||
| </varlistentry> | ||
| </variablelist> | ||
| </abstract> | ||
| </merge> | ||
| <!-- pull in all the topic files you need --> | ||
| <!-- pick the appropriate type of include to match your needs --> | ||
| <!-- pull in a topic as is --> | ||
| <module resourceref="_glue-example" renderas="section"/> | ||
| <!-- pull in a topic and switch the title --> | ||
| <module resourceref="_concept-example" renderas="section"> | ||
| <merge> | ||
| <title>You are a very special concept now!</title> | ||
| </merge> | ||
| </module> | ||
| <module resourceref="_task-example" renderas="section"/> | ||
| <module resourceref="_reference-example" renderas="section"/> | ||
| <module resourceref="_glue-more-info" renderas="section"/> | ||
| <module resourceref="_glue-whats-next" renderas="section"/> | ||
| <module resourceref="_legal"/> | ||
| <module resourceref="_gfdl"> | ||
| <output renderas="appendix"/> | ||
| </module> | ||
| </structure> | ||
| </assembly> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <!-- This file originates from the project https://github.com/openSUSE/doc-kit --> | ||
| <!-- This file can be edited downstream. --> | ||
| <!DOCTYPE topic | ||
| [ | ||
| <!ENTITY % entities SYSTEM "../common/generic-entities.ent"> | ||
| %entities; | ||
| ]> | ||
| <!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> --> | ||
| <!-- point back to this document with a similar comment added to your legacy doc piece --> | ||
| <!-- refer to README.md for file and id naming conventions --> | ||
| <!-- metadata is dealt with on the assembly level --> | ||
| <topic xml:id="selinux-avc-denials" | ||
| role="concept" xml:lang="en" | ||
| xmlns="http://docbook.org/ns/docbook" version="5.2" | ||
| xmlns:its="http://www.w3.org/2005/11/its" | ||
| xmlns:xi="http://www.w3.org/2001/XInclude" | ||
| xmlns:xlink="http://www.w3.org/1999/xlink" | ||
| xmlns:trans="http://docbook.org/ns/transclusion"> | ||
| <info> | ||
| <title>AVC denials</title><!-- can be changed via merge in the assembly --> | ||
| <!--add author's email address--> | ||
| <meta name="maintainer" content="[email protected]" its:translate="no"/> | ||
| <abstract><!-- can be changed via merge in the assembly --> | ||
| <para> | ||
| Introductory text | ||
| </para> | ||
| </abstract> | ||
| </info> | ||
| <para> | ||
| An AVC denial is an message logged when &selnx; denies a service or application access to | ||
| a file or a process. | ||
| </para> | ||
| <para> | ||
| You can find those messages in <filename>/var/log/audit/audit.log </filename> with the <literal>type=AVC</literal>. | ||
| </para> | ||
| </topic> |