Le mardi 29 novembre 2005 à 18:49 -0500, Daniel J Walsh a écrit :
Nicolas Mailhot wrote:
> Le mardi 29 novembre 2005 à 15:01 -0500, Daniel J Walsh a écrit :
>
>> Nicolas Mailhot wrote:
>>
>
>
>>> The udev denial seems fixed with selinux-policy-targeted-2.0.6-1. So
>>> things get (slowly) fixed. But most issues are still there :
>>>
>>> audit2allow < /var/log/audit/audit.log
>>>
You should do
audit2allow -l < /var/log/audit/audit.log
To only get the messages of what AVC messages you got after the last reload.
Right now my procedure is :
1. install policy
2. touch ./autorelabel
3. init 6
4. init 1
5. mv /var/log/audit/audit.log somewhere_else
6. init 6
7. do some stuff
8. audit2allow
which should be at least as strict of what you propose
Please attach the audit.log
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172496#c23
Regards,
--
Nicolas Mailhot