On 06/11/2013 01:40 AM, m.roth(a)5-cent.us wrote:
I'm getting those annoying avc granted's in connection with matlab, still
(again?). I see in audit.log it saying "allowed". Would dontaudit shut
that up? The one doc I've found seemed to suggest it would silently deny,
but said nothing about silently allow.
selinux mailing list
The 'dontaudit' policy rules are for those *denials* that need not be
In the current case, what you are seeing is the effect of 'auditallow'
policy rules, which specifies that when certain accesses are allowed,
due to the existence of corresponding 'allow' rules, log that the access
was granted. The 'auditallow' policy rules by themselves do not grant
the access, they only log when the access is granted.
You can see the existing 'auditallow' rules in the policy by running:
These special rules are put in place so that certain *major* access
allows are logged, especially accesses that would have serious security
It is recommended not to remove the existing 'auditallow' policy rules.
However, if you need to remove them, I believe that you would have to
remove them from the base policy source, and recompile the base policy.
Rejy M Cyriac (rmc)