-----BEGIN PGP SIGNED MESSAGE-----
On 10/18/2010 09:52 AM, m.roth(a)5-cent.us wrote:
Would it be a reasonable suggestiong for an enhancement to give full
paths? I've been looking at AVC's and the o/p from sealert for days trying
to figure out the path for various apparetnly temporary files
./<blah.blah> with a label of default_t.
Of course, once I find it, then I have to figure out what to do with it,
whether I need to set the context on the directories they're being created
in, or if that has to do with the special perl that/s in a very
nonstandard path that's running the .cgi that's creating them (and yes,
I'm told it all does have to be there), so pointers to any threads or docs
on that would be appreciated.
selinux mailing list
You can get full paths by
turning on full auditing.
Add the following line to the end of /etc/audit/audit.rules
- -w /etc/shadow -p w
Then restart auditd.
service auditd restart
This will turn on full auditing in the kernel, and should return full
paths when an AVC happens. There is a performance hit that you probably
will not notice, but some CPU bound loads would. We leave this disabled
by default for this reason.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----