Examples only:
If exim gave an avc denial.
1: Create policy. audit2allow -M myexim < /var/log/audit/audit.log
then enable it. semodule -i myexim.pp
2: If then in a couple of days exim generates another avc denial, different from the first.
How does one edit/use audit2allow to include the new avc?
Have looked at "man audit2allow" and can't seem to grasp an edit from the options.
Frank
Frank Murphy wrote:
> Examples only:
> If exim gave an avc denial.
> 1: Create policy. audit2allow -M myexim < /var/log/audit/audit.log
> then enable it. semodule -i myexim.pp
> 2: If then in a couple of days exim generates another avc denial, different from the first.
> How does one edit/use audit2allow to include the new avc?
> Have looked at "man audit2allow" and can't seem to grasp an edit from the options.
> Frank
On the day that it generates another denial, you could try something like:
/sbin/ausearch -m avc -ts today | grep x | audit2allow -M myexim2;/usr/sbin/semodule -i myexim2.pp
Where "x" is the domain, such as "httpd_t" for Apache. It is probably best to run "/sbin/ausearch -m avc -ts today | grep x" first, to make sure you get the results you want.
Cheers.
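The pre-check suggested in the reply above (look at the filtered denials before turning them into a module), as an added example that is not part of the original thread. A plain `grep x` also matches records where the name only appears in the target context, so this sketch filters on the source domain and lists the distinct accesses a module would end up allowing. The function names, the `exim_t` domain and the audit records are constructed for illustration.

```shell
#!/bin/sh
# summarize_denials DOMAIN: read audit records on stdin and print one line per
# distinct "source_type target_type:class permission" denied for DOMAIN.
# Hypothetical helper, meant to be fed from: /sbin/ausearch -m avc -ts today
summarize_denials() {
    awk -v dom="$1" '
    /avc:/ && /denied/ {
        src = tgt = cls = perms = ""; inb = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") inb = 1                  # permission list starts
            else if ($i == "}") inb = 0             # permission list ends
            else if (inb) perms = perms " " $i
            else if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
            else if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
            else if ($i ~ /^tclass=/) cls = substr($i, 8)
        }
        if (src != dom) next                        # match source domain only
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++) print src, tgt ":" cls, p[j]
    }' | sort -u
}

# Constructed sample records (not real log data). The third one is an httpd_t
# denial that "grep exim" would still pick up because of its target type.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1230000000.101:11): avc:  denied  { read } for  pid=2001 comm="exim" name="spool" dev=dm-0 ino=1234 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
type=AVC msg=audit(1230000000.202:12): avc:  denied  { read write } for  pid=2001 comm="exim" name="msg" dev=dm-0 ino=1235 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=file
type=AVC msg=audit(1230000000.303:13): avc:  denied  { getattr } for  pid=3001 comm="httpd" name="input" dev=dm-0 ino=1300 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:exim_spool_t:s0 tclass=file
type=AVC msg=audit(1230000000.404:14): avc:  denied  { read } for  pid=2044 comm="exim" name="spool" dev=dm-0 ino=1234 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
EOF
}

sample_log | summarize_denials exim_t
```
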
Frank Murphy wrote:
> Examples only:
> If exim gave an avc denial.
> 1: Create policy. audit2allow -M myexim < /var/log/audit/audit.log
> then enable it. semodule -i myexim.pp
> 2: If then in a couple of days exim generates another avc denial, different from the first.
> How does one edit/use audit2allow to include the new avc?
> Have looked at "man audit2allow" and can't seem to grasp an edit from the options.
> Frank
You've been blogged.
http://danwalsh.livejournal.com/24750.html
selinux@lists.fedoraproject.org