<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<!-- This file originates from the project https://github.com/openSUSE/doc-kit -->

<!-- This file can be edited downstream. -->

<!DOCTYPE assembly

[

<!ENTITY % entities SYSTEM "../common/generic-entities.ent">

%entities;

]>

<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->

<!-- point back to this document with a similar comment added to your legacy doc piece -->

<!-- refer to README.md for file and id naming conventions -->

<assembly version="5.2" xml:lang="en"

xmlns:xlink="http://www.w3.org/1999/xlink"

xmlns:trans="http://docbook.org/ns/transclusion"

xmlns:its="http://www.w3.org/2005/11/its"

xmlns="http://docbook.org/ns/docbook">

<!-- resources section references all topic chunks used in the final article

-->

<!-- R E S O U R C E S -->

<!-- Concept files -->

<resources>

<resource xml:id="_setroubleshoot-about" href="../concepts/setroubleshoot-about.xml">

<description>About setroubleshoot</description>

</resource>

<resource xml:id="_selinux-audit-log" href="../concepts/selinux-audit-log.xml">

<description>About the audit log</description>

</resource>

</resources>

<!-- Tasks -->

<resources>

<resource xml:id="_selinux-audit2allow" href="../tasks/selinux-audit2allow.xml">

<description>audit2allow</description>

</resource>

<resource xml:id="_setroubleshoot-running-analysis" href="../tasks/setroubleshoot-running-analysis.xml">

<description>Running analysis</description>

</resource>

</resources>

<!-- References -->

<resources>

<resource xml:id="_setroubleshoot-congfiguration" href="../references/setroubleshoot-congfiguration.xml">

<description>Configuring mail notifications</description>

</resource>

</resources>

<!-- Legal -->

<resources>

<resource href="../common/legal.xml" xml:id="_legal">

<description>Legal Notice</description>

</resource>

<resource href="../common/license_gfdl1.2.xml" xml:id="_gfdl">

<description>GNU Free Documentation License</description>

</resource>

</resources>

<!-- S T R U C T U R E -->

<structure renderas="article" xml:id="setroubleshoot" xml:lang="en">

<merge>

<title>Troubleshooting &selnx;</title>

<!-- History -->

<revhistory xml:id="rh-setroubleshoot">

<revision><date>2024-11-19</date>

<revdescription>

<para>

Initial version

</para>

</revdescription>

</revision>

</revhistory>

<!-- Maintainer -->

<meta name="maintainer" content="[email protected]" its:translate="no"/>

<!-- Architectures -->

<meta name="architecture" its:translate="no">

<phrase>&x86-64;</phrase>

<phrase>&power;</phrase>

<phrase>&ibm;</phrase>

<phrase>&aarch64;</phrase>

</meta>

<!-- Productname & Version -->

<meta name="productname" its:translate="no">

<productname version="6.1">&slm;</productname>

</meta>

<!-- Search -->

<meta name="title" its:translate="yes">Troubleshooting &selnx;</meta>

<meta name="description" its:translate="yes">Using setroubleshoot and audit2allow to

troubleshoot &selnx;.</meta>

<!-- Social Media -->

<meta name="social-descr" its:translate="yes">AVC denials, setroubleshoot and audit2allow.</meta>

<!-- Task -->

<meta name="task" its:translate="no">

<phrase>Security</phrase>

<phrase>Troubleshooting</phrase>

</meta>

<!-- Series -->

<meta name="series" its:translate="no">Products &amp; Solutions</meta>

<dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager">

<dm:bugtracker>

<dm:url>https://bugzilla.suse.com/enter_bug.cgi</dm:url>

<dm:component>Documentation</dm:component>

<dm:product os="slmicro">SUSE Linux Micro 6.1</dm:product>

<dm:assignee>[email protected]</dm:assignee>

</dm:bugtracker>

<dm:translation>yes</dm:translation>

</dm:docmanager>

<abstract>

<variablelist>

<varlistentry>

<term>WHAT?</term>

<listitem>

<para>

A system with &selnx; in the <literal>enforcing</literal> mode

may cause access denials that may prevent applications from

running correctly. You can use <command>audit2allow</command>

or <literal>setroubleshoot</literal> to analyze denial messages

in a user-friendly way.

</para>

</listitem>

</varlistentry>

<varlistentry>

<term>WHY?</term>

<listitem>

<para>

This article provides instructions on how to solve access

denials caused by &selnx; without decreasing the security of

your system.

</para>

</listitem>

</varlistentry>

<varlistentry>

<term>EFFORT</term>

<listitem>

<para>

It takes approximately 30 minutes to read the article.

</para>

</listitem>

</varlistentry>

<varlistentry>

<term>GOAL</term>

<listitem>

<para>

You will be able to use one of the further described tools to

debug &selnx; denials.

</para>

</listitem>

</varlistentry>

<varlistentry>

<term>REQUIREMENTS</term>

<listitem>

<itemizedlist>

<listitem>

<para>

A running system with enabled &selnx;.

</para>

</listitem>

</itemizedlist>

</listitem>

</varlistentry>

</variablelist>

</abstract>

</merge>

<!-- pull in all the topic files you need -->

<!-- pick the appropriate type of include to match your needs -->

<!-- pull in a topic as is -->

<module resourceref="_selinux-audit-log" renderas="section"/>

<module resourceref="_selinux-audit2allow" renderas="section"/>

<!-- pull in a topic and switch the title -->

<module renderas="section">

<merge>

<title>Analyzing AVC messages using <command>setroubleshoot</command></title>

<abstract>

<para>

To analyze AVC denial messages in a user-friendly way, you can use

the <literal>setroubleshoot</literal> tool.

</para>

</abstract>

</merge>

<module resourceref="_setroubleshoot-about" renderas="section">

<merge>

<abstract>

<para/>

</abstract>

</merge>

</module>

<module resourceref="_setroubleshoot-congfiguration" renderas="section"/>

<module resourceref="_setroubleshoot-running-analysis" renderas="section">

<merge>

<abstract>

<para/>

</abstract>

</merge>

</module>

</module>

<module resourceref="_legal"/>

<module resourceref="_gfdl">

<output renderas="appendix"/>

</module>

</structure>

</assembly>