On Tue, 2008-06-24 at 12:39 -0400, Johnny Tan wrote:
> John Dennis wrote:
> > Johnny Tan wrote:
> >> Paul Howarth wrote:
> >>> Turn off the dontaudit rules:
> >>> # semodule -DB
> >>>
> >>> You should then see the AVCs and be able to generate the policy
> >>> module you need.
> >>>
> >>> You can then turn back on the dontaudit rules:
> >>> # semodule -B
> >>
> >> I don't have dontaudit turned on to begin with. As I mentioned, I *do*
> >> see AVCs for other selinux problems.
> > I think you're misunderstanding what dontaudit does. There are specific
> > policy rules which have a dontaudit flag associated with them which says
> > even if you are auditing don't log this particular denial.
>
> Ok, got it. Is there a similar option for older (i.e.,
> RHEL-5) versions?
> policycoreutils-1.33.12-12.el5

Not unless RH back-ported the support. But in older releases, you could
instead install an enableaudit.pp file, e.g.

    semodule -b /usr/share/selinux/targeted/enableaudit.pp
    <exercise system to generate AVC messages>
    semodule -b /usr/share/selinux/targeted/base.pp

However that only dealt with dontaudit rules in the base module.

--
Stephen Smalley
National Security Agency
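
The two procedures in this thread (semodule -DB / -B, and the enableaudit.pp / base.pp swap for older releases), wrapped so that the dontaudit rules are restored even when the exercise step fails or is interrupted. This is an added example, not code from the thread or from policycoreutils; the function names and the "new"/"legacy" mode argument are hypothetical.

```shell
#!/bin/sh
# Added example: run a command with dontaudit rules disabled, then always
# put them back. Function names and the mode argument are hypothetical.

POLICY_DIR=/usr/share/selinux/targeted   # path taken from the message above

# Re-enable dontaudit rules for the given mode.
_dontaudit_restore() {
    case $1 in
        new)    semodule -B ;;
        legacy) semodule -b "$POLICY_DIR/base.pp" ;;
    esac
}

# usage: with_dontaudit_off <new|legacy> <command> [args...]
#   new    = semodule supports -D (semodule -DB / semodule -B)
#   legacy = older releases: swap in enableaudit.pp, then base.pp
with_dontaudit_off() {
    mode=$1; shift
    case $mode in
        new)    semodule -DB || return 1 ;;
        legacy) semodule -b "$POLICY_DIR/enableaudit.pp" || return 1 ;;
        *)      echo "mode must be 'new' or 'legacy'" >&2; return 2 ;;
    esac

    # If interrupted while exercising the system, restore before exiting.
    trap '_dontaudit_restore "$mode"; exit 130' INT TERM

    # Exercise the system; keep its exit status but do not stop on failure.
    rc=0
    "$@" || rc=$?

    # Restore no matter how the command ended, and say so loudly if that fails.
    _dontaudit_restore "$mode" || {
        echo "WARNING: dontaudit rules were NOT restored" >&2
        rc=3
    }
    trap - INT TERM
    return $rc
}

# Typical use (run as root; script path and module name are placeholders):
#   with_dontaudit_off new /path/to/reproduce-problem.sh
#   ausearch -m avc -ts recent | audit2allow -M mylocal
```

As noted in the message, the legacy mode only exposes dontaudit rules that live in the base module.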