On Tue, 2008-06-24 at 12:39 -0400, Johnny Tan wrote:
John Dennis wrote:
> Johnny Tan wrote:
>> Paul Howarth wrote:
>>> Turn off the dontaudit rules:
>>> # semodule -DB
>>>
>>> You should then see the AVCs and be able to generate the policy
>>> module you need.
>>>
>>> You can then turn back on the dontaduit rules:
>>> # semodule -B
>>
>> I don't have dontaudit turned on to begin with. As I mentioned, I *do*
>> see AVCs for other selinux problems.
> I think you're misunderstanding what dontaudit does. There are specific
> policy rules which have a dontaudit flag associated with them which says
> even if you are auditing don't log this particular denial.
Ok, got it. Is there a similar option for older (i.e.,
RHEL-5) versions?
policycoreutils-1.33.12-12.el5
Not unless RH back-ported the support. But in older releases, you could
instead install an enableaudit.pp file, e.g.
semodule -b /usr/share/selinux/targeted/enableaudit.pp
<exercise system to generate AVC messages>
semodule -b /usr/share/selinux/targeted/base.pp
However that only dealt with dontaudit rules in the base module.
--
Stephen Smalley
National Security Agency