[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Worrying AVC messages



On Tuesday 23 January 2007 19:58, Stephen Smalley wrote:
> audit2allow is just a filter that reads avc messages and emits policy
> rules that would allow them.  The -a option tells it to check
> both /var/log/messages and the audit logs for avc messages (using
> ausearch for processing the audit logs).  The -M local option tells it
> to generate a loadable policy module named "local".  Upon completion,
> you should have the following files in the current directory:
> 1) local.te - the policy source generated by audit2allow based on the
> avc messages,
> 2) local.mod - binary representation of the same, created by
> checkmodule,
> 3) local.pp - policy package file, containing local.mod and optionally
> other policy components (but not in this case), created by
> semodule_package.
>
> The last file is then loadable via semodule -i.
> When semodule -i completes, your policy has been updated and loaded into
> the kernel.

All done, and those three files are in /root.  Is that the correct place for 
them?

If I have understood you correctly, by doing that I have told it to 'approve' 
the making of rules to deal with all the denials found there.  At the moment 
I don't think there is anything dangerous in the log, but I presume that 
there are times when you would not want everything added.  What happens about 
those situations?

Anne

Attachment: pgpgwOVsd8Rdk.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]