>You should do > >audit2allow -l < /var/log/audit/audit.log I would like to take this opportunity to point out that you should not be using the audit logs directly. ausearch is the correct way to access the logs. I would recommend: ausearch -m avc,selinux_err | audit2allow -l There's 3 reasons for this. 1) There may be more than 1 log file that needs to be examined. ausearch automatically looks at all of them. You can restrict its search by using the -ts & -te parameters. 2) Sometimes file names or sockets get encoded and cannot be read without ausearch's interpretation...and 3) we may be changing to binary log format at some point during fc5/6 time frame. -Steve __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
