Re: Beginner question deciphering SELinux logs

> >> PS: Is there anyway to configure SELinux/auditd to use regular dates, >> as sylogd does? > > Stop looking at audit logs directly. (I'll leave the policy questions > to the policy people, sorry) > > ausearch -m AVC -i Very cool, thanks! One other outstanding suggestion I received was the RPM pkg 'setroubleshoot'. It does a mind blowing / amazing job of taking AVC error messages and explaining to you exactly what they mean and suggested actions. Not only does it help troubleshooting, but it helps to better understand SElinux in general. Now only if there was such a utlity for the rest of Linux logging (dmesg anyone? :). Thanks! lance Summary SELinux is preventing /usr/sbin/named (named_t) "getattr" access to /dev/random (tmpfs_t).