On Tue, 5 Sep 2006 17:35:24 -0700 (PDT) Steve G wrote: > >There is no log saying "avc granted load_policy", > >instead, there is audit log "audit(1157498697.581:88): policy loaded > >auid=4294967295 ". > Yes this is correct. This is the new way as of kernel 2.6.17. There was some > overlap where an audit was in the policy and the kernel, but we only need one > message. The audit2allow program should be updated to recognize the above as a > load policy event. I see, so avc.py should be fixed. I wrote simple patch. Yuichi Nakamura
--- avc.py.orig 2006-09-06 08:34:03.000000000 +0900 +++ avc.py 2006-09-06 10:06:26.000000000 +0900 @@ -354,6 +354,15 @@ found = 1 else: dict.append(i) + + if not found: + regexp = "audit\(\d+\.\d+:\d+\): policy loaded" + m = re.match(regexp, line) + if m !=None: + found =1 + dict.append("load_policy") + dict.append("granted") + if found: self.translate(dict) found = 0
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list