Hi,
I am playing with FC6-test3. I installed audit, and found that type=PATH record does not appear in audit.log, when access is denied by SELinux.
Will type=PATH record disappear in FC6?
Yuichi Nakamura
On Fri, 2006-10-06 at 23:09 +0900, Yuichi Nakamura wrote:
Hi,
I am playing with FC6-test3. I installed audit, and found that type=PATH record does not appear in audit.log, when access is denied by SELinux.
Will type=PATH record disappear in FC6?
If you define any audit rules via auditctl (or put them into /etc/audit/audit.rules for loading upon startup), then you should see them again. There is an optimization in the audit system to disable collection of audit data like paths if there are no audit rules to avoid the overhead associated with such collection. This means you need at least one audit rule defined to get that information.
On Fri, 06 Oct 2006 10:29:55 -0400 Stephen Smalley wrote:
I am playing with FC6-test3. I installed audit, and found that type=PATH record does not appear in audit.log, when access is denied by SELinux.
Will type=PATH record disappear in FC6?
If you define any audit rules via auditctl (or put them into /etc/audit/audit.rules for loading upon startup), then you should see them again. There is an optimization in the audit system to disable collection of audit data like paths if there are no audit rules to avoid the overhead associated with such collection. This means you need at least one audit rule defined to get that information.
I have tried it now. PATH entry appeared by adding dummy audit rule. Thank you.
Yuichi
Will type=PATH record disappear in FC6?
It is there, however we loose that record unless you have audit rules loaded. This was part of some performance optimizations of the audit system so that it can be on all the time for setroubleshootd.
-Steve
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
selinux@lists.fedoraproject.org