On Fri, 2008-10-24 at 15:38 -0700, Timothy Renner wrote:
> Is there any debug stream available that can tell me what is being
> processed by the SELinux system? Specifically, I'd like to be able to
> follow the trail from starting an executable, through its state
> transitions, what files it reads, and what their file contexts are, and
> what transitions happen as it calls external programs.

Options:
- Use system call auditing (see man pages for autrace, auditctl, auditd;
ask questions on linux-audit(a)redhat.com).
or
- Add auditallow rules to the domain for the program in order to trigger
auditing of permission grantings.
And of course, denials are already audited by SELinux by default.
--
Stephen Smalley
National Security Agency
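
Added example, not part of the original message: permission grants audited through auditallow rules, and the default denial records, both appear as AVC records in the audit log, and a short script can reduce them to the trail asked about above (domain transitions, plus each object accessed with its context). The log lines are constructed samples, and the domains myapp_t and helper_t and all paths are hypothetical.

```python
import re

# Constructed sample AVC records (not from the original thread). "granted" lines
# only appear when an auditallow rule covers the permission; denials are logged by default.
SAMPLE_LOG = '''\
type=AVC msg=audit(1224888000.101:41): avc:  granted  { transition } for  pid=2101 comm="bash" path="/usr/local/bin/myapp" dev=sda1 ino=1201 scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:myapp_t:s0 tclass=process
type=AVC msg=audit(1224888000.105:42): avc:  granted  { read } for  pid=2101 comm="myapp" name="myapp.conf" dev=sda1 ino=1310 scontext=user_u:system_r:myapp_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1224888000.220:43): avc:  denied  { read } for  pid=2101 comm="myapp" name="shadow" dev=sda1 ino=1422 scontext=user_u:system_r:myapp_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1224888000.300:44): avc:  granted  { transition } for  pid=2102 comm="myapp" path="/usr/local/bin/helper" dev=sda1 ino=1202 scontext=user_u:system_r:myapp_t:s0 tcontext=user_u:system_r:helper_t:s0 tclass=process
'''

AVC_RE = re.compile(r'avc:\s+(?P<result>granted|denied)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not an AVC message."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    return rec

def domain(context):
    # A context is user:role:type[:level]; the type field is the domain.
    return context.split(':')[2]

def trace(log):
    """Split AVC records into domain transitions and all other object accesses."""
    transitions, accesses = [], []
    for line in log.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        src, tgt = domain(rec['scontext']), domain(rec['tcontext'])
        obj = rec.get('path') or rec.get('name', '?')
        if rec['tclass'] == 'process' and 'transition' in rec['perms']:
            transitions.append((src, tgt, obj))
        else:
            accesses.append((rec['result'], src, ' '.join(rec['perms']), rec['tclass'], obj, rec['tcontext']))
    return transitions, accesses

if __name__ == '__main__':
    transitions, accesses = trace(SAMPLE_LOG)
    for src, tgt, exe in transitions:
        print(f'transition {src} -> {tgt} via {exe}')
    for a in accesses:
        print('%-7s %s { %s } %s %s [%s]' % a)
```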