-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/21/2010 10:41 AM, Robert Nichols wrote:
On 04/21/2010 04:24 AM, Dominick Grift wrote:
> On Wed, Apr 21, 2010 at 01:36:13AM -0500, Robert Nichols wrote:
>> Does the loading and removing of modules by semodule get logged
>> anywhere? Apparently not. That would seem to be pretty important
>
> /var/log/messages displays when policy is loaded. It does not display why (e.g. maybe
because a particular module was disabled or removed)
>
> It may or may not be a good idea to mention that somewhere though.
When I've been installing and removing local modules trying to fix a
problem, it would be extremely useful to be able to tell what modules
were in place at the time a particular AVC was logged. Without that
information it is sometimes hard to tell what, if anything, got fixed
by what module.
So you want the Module name and version recorded in syslog?
Everytime selinux-policy gets installed there would be 220 modules
installed, giving you 220 log lines. If you installed multiple selinux
policies (mls, minimum, targeted) Each one would put a hell of a lot of
lines in the log file.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAkvPD+EACgkQrlYvE4MpobPTBwCghwkqMt/rAlZh8eSokM+vjWS/
m44An1wvJEruuIIgmRNzmtA4ZfKiRX9w
=M8X7
-----END PGP SIGNATURE-----