On Tue, 2008-01-01 at 20:59 -0600, Lance Spitzner wrote:
>
>> PS: Is there any way to configure SELinux/auditd to use regular dates,
>> as syslogd does?
>
> Stop looking at audit logs directly. (I'll leave the policy questions
> to the policy people, sorry)
>
> ausearch -m AVC -i
Very cool, thanks! One other outstanding suggestion I received was
the RPM pkg 'setroubleshoot'. It does a mind-blowing / amazing job of
taking AVC error messages and explaining to you exactly what they mean
and suggested actions. Not only does it help troubleshooting, but it
helps to better understand SELinux in general. Now only if there was
such a utility for the rest of Linux logging (dmesg anyone? :).
Thanks!
lance
Summary
SELinux is preventing /usr/sbin/named (named_t) "getattr" access to
/dev/random (tmpfs_t).
ummm, how did it get mislabeled? hmmm, anyway, if you followed the
restorecon suggestion I assume it started working....
-Eric