[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: rsyncd can't open log file, but there are no avc messages
- From: Stephen Smalley <sds tycho nsa gov>
- To: Johnny Tan <linuxweb gmail com>
- Cc: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
- Subject: Re: rsyncd can't open log file, but there are no avc messages
- Date: Tue, 24 Jun 2008 12:58:54 -0400
On Tue, 2008-06-24 at 12:39 -0400, Johnny Tan wrote:
> John Dennis wrote:
> > Johnny Tan wrote:
> >> Paul Howarth wrote:
> >>> Turn off the dontaudit rules:
> >>> # semodule -DB
> >>>
> >>> You should then see the AVCs and be able to generate the policy
> >>> module you need.
> >>>
> >>> You can then turn back on the dontaduit rules:
> >>> # semodule -B
> >>
> >> I don't have dontaudit turned on to begin with. As I mentioned, I *do*
> >> see AVCs for other selinux problems.
> > I think you're misunderstanding what dontaudit does. There are specific
> > policy rules which have a dontaudit flag associated with them which says
> > even if you are auditing don't log this particular denial.
>
> Ok, got it. Is there a similar option for older (i.e.,
> RHEL-5) versions?
> policycoreutils-1.33.12-12.el5
Not unless RH back-ported the support. But in older releases, you could
instead install an enableaudit.pp file, e.g.
semodule -b /usr/share/selinux/targeted/enableaudit.pp
<exercise system to generate AVC messages>
semodule -b /usr/share/selinux/targeted/base.pp
However that only dealt with dontaudit rules in the base module.
--
Stephen Smalley
National Security Agency
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]