You should do
audit2allow -l < /var/log/audit/audit.log
I would like to take this opportunity to point out that you should not be using
the audit logs directly. ausearch is the correct way to access the logs. I would
recommend:
ausearch -m avc,selinux_err | audit2allow -l
There's 3 reasons for this. 1) There may be more than 1 log file that needs to be
examined. ausearch automatically looks at all of them. You can restrict its
search by using the -ts & -te parameters. 2) Sometimes file names or sockets get
encoded and cannot be read without ausearch's interpretation...and 3) we may be
changing to binary log format at some point during fc5/6 time frame.
-Steve
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com