> On Wed, 08 Jun 2005 09:28:20 CDT, Hongwei Li said: > >> but no local.te. I don't see it under domain/program/ either. Then, what >> file should I run the above command to? > > You don't have a domain/program/local.te yet because you haven't done any > local > changes to ruleset yet. Go ahead and create it if you decide to 'dontaudit' > that > one avc. I created a file local.te under /etc/selinux/targeted/src/policy/domains/program/ and run: # echo "dontaudit httpd_sys_script_t proc_t:file ioctl;" >> local.te Now, this file has one line dontaudit httpd_sys_script_t proc_t:file ioctl; Then, when I run "make load", I got: # make load mkdir -p tmp ( cd domains/program/ ; for n in *.te ; do echo "define(\`$n')"; done ) > tmp/program_used_flags.te.tmp ( cd domains/misc/ ; for n in *.te ; do echo "define(\`$n')"; done ) >> tmp/program_used_flags.te.tmp mv tmp/program_used_flags.te.tmp tmp/program_used_flags.te make: *** No rule to make target `file_contexts/program/local.fc', needed by `file_contexts/file_contexts'. Stop. What should I put in file_contexts/program/local.fc? Thanks! Hongwei -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list