rsyncd can't open log file, but there are no avc messages

Stephen Smalley sds at tycho.nsa.gov
Tue Jun 24 16:58:54 UTC 2008


On Tue, 2008-06-24 at 12:39 -0400, Johnny Tan wrote:
> John Dennis wrote:
> > Johnny Tan wrote:
> >> Paul Howarth wrote:
> >>> Turn off the dontaudit rules:
> >>> # semodule -DB
> >>>
> >>> You should then see the AVCs and be able to generate the policy 
> >>> module you need.
> >>>
> >>> You can then turn back on the dontaduit rules:
> >>> # semodule -B
> >>
> >> I don't have dontaudit turned on to begin with. As I mentioned, I *do* 
> >> see AVCs for other selinux problems.
> > I think you're misunderstanding what dontaudit does. There are specific 
> > policy rules which have a dontaudit flag associated with them which says 
> > even if you are auditing don't log this particular denial.
> 
> Ok, got it. Is there a similar option for older (i.e., 
> RHEL-5) versions?
> policycoreutils-1.33.12-12.el5

Not unless RH back-ported the support.  But in older releases, you could
instead install an enableaudit.pp file, e.g.
	semodule -b /usr/share/selinux/targeted/enableaudit.pp
	<exercise system to generate AVC messages>
	semodule -b /usr/share/selinux/targeted/base.pp

However that only dealt with dontaudit rules in the base module.

-- 
Stephen Smalley
National Security Agency




More information about the fedora-selinux-list mailing list