How to temporarily turn off "don't audit" feature
Bruno Wolff III
bruno at wolff.to
Thu Jan 28 14:09:48 UTC 2010
On Thu, Jan 28, 2010 at 09:51:56 +0000,
Paul Howarth <paul at city-fan.org> wrote:
> On 28/01/10 09:25, Bruno Wolff III wrote:
> > I am trying to get a game working under xguest and some rule is blocking
> > it from working, but the rule doesn't show up in the audit log. (If I
> > go to permissive mode after logging in to xguest I can run the game. But
> > it won't work if I stay in enforcing mode.)
> > I would would like to temporarily have all avc's show up in the audit file
> > so that I can find the one that is blocking things. I haven't found a
> > way to do this on current verions of Fedora. (There was a recommendation
> > for rhel that doesn't apply to Fedora.)
>
> Turn off dontaudit rules: semodule -DB
> Turn them back on: semodule -B
>
> See "man semodule"
Thanks!
More information about the selinux
mailing list