audit2allow -M local < /tmp/avcs ?
drago01
drago01 at gmail.com
Mon Jul 7 09:27:33 UTC 2008
On Mon, Jul 7, 2008 at 11:13 AM, Frank Murphy <frankly3d at gmail.com> wrote:
> On Mon, 2008-07-07 at 11:08 +0200, drago01 wrote:
>> On Mon, Jul 7, 2008 at 11:02 AM, Frank Murphy <frankly3d at gmail.com> wrote:
>> > [root at frank-01 ~]# audit2allow -M local < /tmp/avcs
>> > -bash: /tmp/avcs: No such file or directory
>> >
>> >
>> > Where to go next.
>> >
>> > The logs are mailed to "root at localhost" by exim.
>> >
>> > What and where need to be allowed.
>> >
>> > Have already done a /sbin/fixfiles relabel. (mislabelled stuff)
>> >
>> > To allow for future logs?
>>
>> /tmp/avcs ??
>
> I took that verbatim from faq, rather new to this selinux thingey.
>
>> The logs are either in /var/log/audit.log (if audit is running)
>> otherwise in syslog (in this case passing -D to audit2allow will use
>> them)
>
> audit2allow /var/log/audit/audit.log?
yes just use this file instead of /tmp/avcs
audit2allow -M local < /your/log/file
More information about the fedora-selinux-list
mailing list