John Dennis wrote:
Johnny Tan wrote:
Paul Howarth wrote:
Turn off the dontaudit rules:
# semodule -DB
You should then see the AVCs and be able to generate the policy
module you need.
You can then turn back on the dontaduit rules:
# semodule -B
I don't have dontaudit turned on to begin with. As I mentioned, I *do*
see AVCs for other selinux problems.
I think you're misunderstanding what dontaudit does. There are specific
policy rules which have a dontaudit flag associated with them which says
even if you are auditing don't log this particular denial.
Ok, got it. Is there a similar option for older (i.e.,
RHEL-5) versions?
policycoreutils-1.33.12-12.el5
johnn
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
