How to temporarily turn off "don't audit" feature
Paul Howarth
paul at city-fan.org
Thu Jan 28 09:51:56 UTC 2010
On 28/01/10 09:25, Bruno Wolff III wrote:
> I am trying to get a game working under xguest and some rule is blocking
> it from working, but the rule doesn't show up in the audit log. (If I
> go to permissive mode after logging in to xguest I can run the game. But
> it won't work if I stay in enforcing mode.)
> I would would like to temporarily have all avc's show up in the audit file
> so that I can find the one that is blocking things. I haven't found a
> way to do this on current verions of Fedora. (There was a recommendation
> for rhel that doesn't apply to Fedora.)
Turn off dontaudit rules: semodule -DB
Turn them back on: semodule -B
See "man semodule"
Paul.
More information about the selinux
mailing list