rsyncd can't open log file, but there are no avc messages
Stephen Smalley
sds at tycho.nsa.gov
Tue Jun 24 16:58:54 UTC 2008
On Tue, 2008-06-24 at 12:39 -0400, Johnny Tan wrote:
> John Dennis wrote:
> > Johnny Tan wrote:
> >> Paul Howarth wrote:
> >>> Turn off the dontaudit rules:
> >>> # semodule -DB
> >>>
> >>> You should then see the AVCs and be able to generate the policy
> >>> module you need.
> >>>
> >>> You can then turn back on the dontaduit rules:
> >>> # semodule -B
> >>
> >> I don't have dontaudit turned on to begin with. As I mentioned, I *do*
> >> see AVCs for other selinux problems.
> > I think you're misunderstanding what dontaudit does. There are specific
> > policy rules which have a dontaudit flag associated with them which says
> > even if you are auditing don't log this particular denial.
>
> Ok, got it. Is there a similar option for older (i.e.,
> RHEL-5) versions?
> policycoreutils-1.33.12-12.el5
Not unless RH back-ported the support. But in older releases, you could
instead install an enableaudit.pp file, e.g.
semodule -b /usr/share/selinux/targeted/enableaudit.pp
<exercise system to generate AVC messages>
semodule -b /usr/share/selinux/targeted/base.pp
However that only dealt with dontaudit rules in the base module.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list