sealert and FC17

Frank Murphy frankly3d at gmail.com
Fri Aug 3 15:42:07 UTC 2012


On 03/08/12 16:35, m.roth at 5-cent.us wrote:

> I must be missing something. Yes, they're both installed. I tried sealert
> -a /var/log/audit/audit.log, and got nothing - in there, I see a lot of
> SERVICE START and SERVICE STOP. I tried the same on /var/log/messages,
> where I see avc's; for example,
> <timestamp> <name>  kernel: [96575.845662] type=1400
> audit(1344007740.130:4055): avc:  denied  { open } for  pid=5804
> comm="awk" name="ld.so.cache" dev="dm-0" ino=61036
> scontext=system_u:system_r:ksmtuned_t:s0
> tcontext=system_u:object_r:file_t:s0 tclass=file
>
> but get nothing. What am I missing?
>
>           mark

Are you trying to find avc's in the audit.log?
sudo ausearch -m avc

-- 
Regards,
Frank
"Jack of all, fubars"

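Added example, not part of either message above: a Python sketch that parses the AVC denial format quoted in the thread, accepting both the kernel-log form (`type=1400 audit(...)`) and the form auditd writes to audit.log (`type=AVC msg=audit(...)`), and counts denials per source type, target type, class and permission. The function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter

# The same AVC record appears as "type=1400 audit(...)" in the kernel log and
# as "type=AVC msg=audit(...)" in auditd's audit.log; match either form.
AVC_RE = re.compile(
    r"type=(?P<type>1400|AVC)\s+(?:msg=)?audit\(\d+\.\d+:(?P<serial>\d+)\):"
    r"\s+avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

SAMPLE = [
    # The denial quoted in the thread, joined back onto one line.
    '<timestamp> <name>  kernel: [96575.845662] type=1400 '
    'audit(1344007740.130:4055): avc:  denied  { open } for  pid=5804 '
    'comm="awk" name="ld.so.cache" dev="dm-0" ino=61036 '
    'scontext=system_u:system_r:ksmtuned_t:s0 '
    'tcontext=system_u:object_r:file_t:s0 tclass=file',
    # Constructed: the audit.log form of the same denial, then a non-AVC record.
    'type=AVC msg=audit(1344007740.130:4055): avc:  denied  { open } for  '
    'pid=5804 comm="awk" scontext=system_u:system_r:ksmtuned_t:s0 '
    'tcontext=system_u:object_r:file_t:s0 tclass=file',
    'type=SERVICE_START msg=audit(1344007700.001:4001): constructed sample',
]

def parse_avc(line):
    """Return a dict for the AVC record in line, or None if there is none."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {"source": "kernel log" if m.group("type") == "1400" else "audit.log",
           "serial": int(m.group("serial")), "result": m.group("result"),
           "perms": m.group("perms").split()}
    for key, value in KV_RE.findall(m.group("rest")):
        rec[key] = value.strip('"')
    # Contexts are user:role:type:level; policy rules are written on the type.
    for ctx, short in (("scontext", "stype"), ("tcontext", "ttype")):
        parts = rec.get(ctx, "").split(":")
        rec[short] = parts[2] if len(parts) > 2 else None
    return rec

def summarize(lines):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, lines)):
        if rec["result"] == "denied":
            for perm in rec["perms"]:
                counts[(rec["stype"], rec["ttype"], rec.get("tclass"), perm)] += 1
    return counts
```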
