I typed semodule -DB, my mistake...
If you are kind enough to teach me a way back to normal audit, I am
glad to hear.
I forgot, sorry.
semodule -B ?
Thanks.
2009/5/13 Shintaro Fujiwara <shintaro.fujiwara(a)gmail.com>:
Yeah, I was forgetting the command "audit them all" stuff, thanks for
letting me know.
#after i semanage -DB
allow segatex_t security_t:filesystem getattr;
allow segatex_t self:process setfscreate;
allow segatex_t semanage_t:process { siginh rlimitinh noatsecure };
#============= semanage_t ==============
allow semanage_t setfiles_t:process { siginh rlimitinh noatsecure };
#end after i semanage -DB
I finally made it.
Both adding and deleting user.
Maybe I should add button to audit them all thing.
I remember RH original one had it, so.
Thanks !
2009/5/13 Stephen Smalley <sds(a)tycho.nsa.gov>:
> On Wed, 2009-05-13 at 23:01 +0900, Shintaro Fujiwara wrote:
>> Thank you.
>>
>> I updated my tool's policy including 2 interfaces you guys introduced.
>>
>> Still I can't add user from my tool and strangely, no AVC messages now
>> even if I set SELinux permissive.
>> Of course when I set permissive, I can add user.
>> But, I don't have any denied logs now...
>>
>> No way out ?
>
> Run "semodule -DB" to strip dontaudit rules and try again.
> You'll have to wade through the irrelevant avc messages though.
>
> --
> Stephen Smalley
> National Security Agency
>
>
--
http://intrajp.no-ip.com/ Home Page
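
The advice in this thread is to run "semodule -DB" and then wade through the irrelevant AVC messages. One way to do that wading, as an added example that is not part of the original thread or of the poster's tool: filter the audit log by source domain and group the denials into rules. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in audit.log format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1242223261.101:41): avc:  denied  { getattr } for  pid=2101 comm="segatex" name="/" dev=selinuxfs ino=1 scontext=unconfined_u:system_r:segatex_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
type=AVC msg=audit(1242223261.102:42): avc:  denied  { setfscreate } for  pid=2101 comm="segatex" scontext=unconfined_u:system_r:segatex_t:s0 tcontext=unconfined_u:system_r:segatex_t:s0 tclass=process
type=AVC msg=audit(1242223261.103:43): avc:  denied  { siginh rlimitinh noatsecure } for  pid=2102 comm="semanage" scontext=unconfined_u:system_r:segatex_t:s0 tcontext=unconfined_u:system_r:semanage_t:s0 tclass=process
type=AVC msg=audit(1242223261.104:44): avc:  denied  { siginh rlimitinh noatsecure } for  pid=2103 comm="setfiles" scontext=unconfined_u:system_r:semanage_t:s0 tcontext=unconfined_u:system_r:setfiles_t:s0 tclass=process
type=AVC msg=audit(1242223262.201:45): avc:  denied  { siginh } for  pid=2200 comm="unix_chkpwd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1242223262.201:45): arch=40000003 syscall=11 success=yes exit=0 pid=2200 comm="unix_chkpwd"
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    # A context is user:role:type[:mls-range]; the range may itself contain ':'.
    return context.split(":")[2]

def denials_for(log_text, domains):
    """Group denied permissions by (source, target, class) for the given source domains."""
    grouped = defaultdict(list)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        src = context_type(m.group("scon"))
        if src not in domains:
            continue  # noise from unrelated domains that dontaudit normally hides
        tgt = context_type(m.group("tcon"))
        if tgt == src:
            tgt = "self"
        perms = grouped[(src, tgt, m.group("tclass"))]
        for perm in m.group("perms").split():
            if perm not in perms:
                perms.append(perm)
    return grouped

def as_allow_rules(grouped):
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        body = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {body};")
    return rules
```

Once the denials have been collected, "semodule -B" rebuilds the policy with the dontaudit rules back in place.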