audit2allow -l is unusable in FC5
Yuichi Nakamura
ynakam at hitachisoft.jp
Wed Sep 6 01:15:11 UTC 2006
On Tue, 5 Sep 2006 17:35:24 -0700 (PDT)
Steve G wrote:
> >There is no log saying "avc granted load_policy",
> >instead, there is audit log "audit(1157498697.581:88): policy loaded
> >auid=4294967295 ".
> Yes this is correct. This is the new way as of kernel 2.6.17. There was some
> overlap where an audit was in the policy and the kernel, but we only need one
> message. The audit2allow program should be updated to recognize the above as a
> load policy event.
I see, so avc.py should be fixed.
I wrote simple patch.
Yuichi Nakamura
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: avc.py.diff
Url: http://lists.fedoraproject.org/pipermail/selinux/attachments/20060906/2a4a45eb/attachment.pl
More information about the selinux
mailing list