Need Info adding\editing to a personal module?
Murray McAllister
mmcallis at redhat.com
Wed Oct 1 02:01:21 UTC 2008
Frank Murphy wrote:
> Examples only:
>
>
> If exim gave an avc denial.
>
> 1: Create policy.
> audit2allow -M myexim < /var/log/audit/audit.log
>
> then enable it.
> semodule -i myexim.pp
>
> 2: If then in a couple of days exim generates another avc denial,
> different from the first.
>
> How does one edid\use audid2allow to include the new avc.
>
> Have looked at "man audit2allow" and can't seem to grasp an edit from
> the options.
>
> Frank
>
On the day that it generates another denial, you could try something like:
/sbin/ausearch -m avc -ts today | grep x | audit2allow -M
myexim2;/usr/sbin/semodule -i myexim2.pp
Where "x" is the domain, such as "httpd_t" for Apache. It is probably
best to run "/sbin/ausearch -m avc -ts today | grep x" first, to make
sure you get the results you want.
Cheers.
More information about the selinux
mailing list