paths

Daniel J Walsh dwalsh at redhat.com
Mon Oct 18 14:50:35 UTC 2010


On 10/18/2010 09:52 AM, m.roth at 5-cent.us wrote:
> Would it be a reasonable suggestion for an enhancement to give full
> paths? I've been looking at AVC's and the o/p from sealert for days trying
> to figure out the path for various apparently temporary files
> ./<blah.blah> with a label of default_t.
> 
> Of course, once I find it, then I have to figure out what to do with it,
> whether I need to set the context on the directories they're being created
> in, or if that has to do with the special perl that's in a very
> nonstandard path that's running the .cgi that's creating them (and yes,
> I'm told it all does have to be there), so pointers to any threads or docs
> on that would be appreciated.
> 
>           mark
You can get full paths by turning on full auditing.

Add the following line to the end of /etc/audit/audit.rules

-w /etc/shadow -p w

Then restart auditd.

service auditd restart

This will turn on full auditing in the kernel, and should return full
paths when an AVC happens.  There is a performance hit that you probably
will not notice, but some CPU bound loads would.  We leave this disabled
by default for this reason.
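An added example, not part of the original message: once full auditing is on, the path for a denial can be recovered by joining each AVC record with the CWD and PATH records that carry the same audit event ID. The log lines below are constructed, the names `decode` and `avc_full_paths` are hypothetical, and the record layout (a `cwd=` field on CWD, a `name=` field on PATH) is an assumption about how the records appear in /var/log/audit/audit.log.

```python
import re
from collections import defaultdict
from posixpath import join, normpath

# Constructed sample records (not from the original post). The second event
# has no CWD/PATH records, as when no audit rule was loaded at the time.
SAMPLE_LOG = """\
type=AVC msg=audit(1287413435.101:412): avc:  denied  { write } for  pid=2211 comm="perl" name="sess_ab12" dev=dm-0 ino=9177 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1287413435.101:412): arch=c000003e syscall=2 success=no exit=-13 pid=2211 comm="perl" exe="/opt/site/perl/bin/perl"
type=CWD msg=audit(1287413435.101:412): cwd="/opt/site/cgi-bin"
type=PATH msg=audit(1287413435.101:412): item=0 name="./tmp/sess_ab12" inode=9177 dev=fd:00 mode=0100644
type=AVC msg=audit(1287413436.500:413): avc:  denied  { read } for  pid=2300 comm="perl" name="x" dev=dm-0 ino=9200 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
"""

EVENT_ID = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+:\d+)\):")
FIELD = re.compile(r'\b(name|cwd|tcontext|comm)=("[^"]*"|\S+)')

def decode(value):
    """Audit quotes plain strings and hex-encodes ones with unsafe bytes."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # unquoted non-hex value such as (null) or a context

def avc_full_paths(log_text):
    """Return (event_id, comm, tcontext, [full paths]) for every AVC record."""
    events = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = EVENT_ID.match(line)
        if m:  # group records by the shared audit(timestamp:serial) ID
            fields = {k: decode(v) for k, v in FIELD.findall(line)}
            events[m.group(2)][m.group(1)].append(fields)
    report = []
    for event_id, recs in events.items():
        cwd = recs["CWD"][0].get("cwd") if "CWD" in recs else None
        paths = []
        for p in recs.get("PATH", []):
            name = p.get("name", "")
            if name and cwd and not name.startswith("/"):
                name = join(cwd, name)  # PATH names may be relative to CWD
            if name:
                paths.append(normpath(name))
        for avc in recs.get("AVC", []):
            report.append((event_id, avc.get("comm"), avc.get("tcontext"), paths))
    return report

if __name__ == "__main__":
    print(*avc_full_paths(SAMPLE_LOG), sep="\n")
```

An empty path list for an event means no PATH records were logged with that AVC, which is what to expect for denials recorded before the rule was added.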

