> >All of those rules look fine for audit package > 1.3 and > > kernel probably > 2.6.21. But those rules are not default > > and would have taken some research to come up with > > since I know of no public examples of auditing by selinux > > context. > > So what should line 15 look like today? There is no line 15. The default audit rules are simply 14 lines ending with feel free to add rules below this. And that is where all your problems are. The audit by obj_type would have a very esoteric use and would encode knowledge of a specific selinux policy, so its not something I'd ever ship by default - even in sample rules. -Steve __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list