[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: audit2allow -l is unusable in FC5



>There is no log saying "avc granted load_policy",
>instead, there is audit log "audit(1157498697.581:88): policy loaded 
>auid=4294967295 ".

Yes this is correct. This is the new way as of kernel 2.6.17. There was some
overlap where an audit was in the policy and the kernel, but we only need one
message. The audit2allow program should be updated to recognize the above as a
load policy event.

-Steve

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]