[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Need Info adding\editing to a personal module?

From: Murray McAllister <mmcallis redhat com>
To: frankly3d gmail com
Cc: fedora-selinux-list redhat com
Subject: Re: Need Info adding\editing to a personal module?
Date: Wed, 01 Oct 2008 12:01:21 +1000

Frank Murphy wrote:

Examples only:


If exim gave an avc denial.

1: Create policy.
audit2allow -M myexim < /var/log/audit/audit.log

then enable it.
semodule -i myexim.pp

2: If then in a couple of days exim generates another avc denial,
different from the first.

How does one edid\use audid2allow to include the new avc.

Have looked at "man audit2allow" and can't seem to grasp an edit from
the options.

Frank

On the day that it generates another denial, you could try something like:

/sbin/ausearch -m avc -ts today | grep x | audit2allow -Mmyexim2;/usr/sbin/semodule -i myexim2.pp

Where "x" is the domain, such as "httpd_t" for Apache. It is probablybest to run "/sbin/ausearch -m avc -ts today | grep x" first, to makesure you get the results you want.


Cheers.

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]