Worrying AVC messages

Anne Wilson cannewilson at tiscali.co.uk
Wed Jan 24 10:10:16 UTC 2007


On Tuesday 23 January 2007 19:58, Stephen Smalley wrote:
> audit2allow is just a filter that reads avc messages and emits policy
> rules that would allow them.  The -a option tells it to check
> both /var/log/messages and the audit logs for avc messages (using
> ausearch for processing the audit logs).  The -M local option tells it
> to generate a loadable policy module named "local".  Upon completion,
> you should have the following files in the current directory:
> 1) local.te - the policy source generated by audit2allow based on the
> avc messages,
> 2) local.mod - binary representation of the same, created by
> checkmodule,
> 3) local.pp - policy package file, containing local.mod and optionally
> other policy components (but not in this case), created by
> semodule_package.
>
> The last file is then loadable via semodule -i.
> When semodule -i completes, your policy has been updated and loaded into
> the kernel.

All done, and those three files are in /root.  Is that the correct place for 
them?

If I have understood you correctly, by doing that I have told it to 'approve' 
the making of rules to deal with all the denials found there.  At the moment 
I don't think there is anything dangerous in the log, but I presume that 
there are times when you would not want everything added.  What happens about 
those situations?

Anne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20070124/0f1f4999/attachment.sig>


More information about the fedora-selinux-list mailing list