On Tue, 2008-06-24 at 12:39 -0400, Johnny Tan wrote:
John Dennis wrote:
Johnny Tan wrote:
Paul Howarth wrote:
Turn off the dontaudit rules: # semodule -DB
You should then see the AVCs and be able to generate the policy module you need.
You can then turn back on the dontaduit rules: # semodule -B
I don't have dontaudit turned on to begin with. As I mentioned, I *do* see AVCs for other selinux problems.
I think you're misunderstanding what dontaudit does. There are specific policy rules which have a dontaudit flag associated with them which says even if you are auditing don't log this particular denial.
Ok, got it. Is there a similar option for older (i.e., RHEL-5) versions? policycoreutils-1.33.12-12.el5
Not unless RH back-ported the support. But in older releases, you could instead install an enableaudit.pp file, e.g. semodule -b /usr/share/selinux/targeted/enableaudit.pp <exercise system to generate AVC messages> semodule -b /usr/share/selinux/targeted/base.pp
However that only dealt with dontaudit rules in the base module.