Johnny Tan wrote:
Paul Howarth wrote:
Turn off the dontaudit rules:
# semodule -DB
You should then see the AVCs and be able to generate the policy
module you need.
You can then turn back on the dontaduit rules:
# semodule -B
I don't have dontaudit turned on to begin with. As I mentioned, I *do*
see AVCs for other selinux problems.
I think you're misunderstanding what dontaudit does. There are specific
policy rules which have a dontaudit flag associated with them which says
even if you are auditing don't log this particular denial. What has been
suggested is you disable those donaudit flags so you see ALL the
denials, not just those which do not currently have the dontaudit flag
set on them, which is your current situation.
--
John Dennis <jdennis@xxxxxxxxxx>
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
