How can I know disabling dontaudit or not ?
Shintaro Fujiwara
shintaro.fujiwara at gmail.com
Sat May 16 12:50:14 UTC 2009
Thanks.
So, I understand there are no commands checking present state of
enabling or disabling dontaudit ?
And especially, disabling dontaudit survives next boot, for an
ordinary administrator like me don't know whether or not disabling
dontaudit.
If I forget disabling dontaudit and don't know much about SELinux
audit, if somebody tell me to do audit2allow and some buggy program
running to manage shadow_t, I will foolishly may install a policy to
manage shadow_t ?
I think in that case, should be checked the present state of dontaudit
disabled or not and giving advice to administrator to type command
#semodue -B.
Well, I presently can manage at least making in certain confined area
a file labeled shadow_t or whatever the dontaudit will be applied and
check if the dontaudit is disabled or not.
I think only ugly way but as an ordinary administrator, I can manage
in that way.
Thanks for your advices.
2009/5/16 Daniel J Walsh <dwalsh at redhat.com>:
> On 05/15/2009 07:50 PM, Shintaro Fujiwara wrote:
>>
>> Hi, I typed,
>>
>> #semodule -DB
>>
>> How should I know if I succeeded disabled dontaudits ?
>>
>> Thanks.
>>
> If the command did not display any errors, it succeeded. Also you should
> start to see a lot more avc messages. Start and stop a couple of services.
>
--
http://intrajp.no-ip.com/ Home Page
More information about the selinux
mailing list