I typed semodule -DB, my mistake...
If you are kind enough to teach me a way back to normal audit, I am glad to hear.
I forgot, sorry.

semodule -B ?

Thanks.

2009/5/13 Shintaro Fujiwara <shintaro.fujiwara@xxxxxxxxx>:
> Yeah, I was forgetting the command "audit them all" stuff, thanks for
> letting me know.
>
> #after i semanage -DB
>
> allow segatex_t security_t:filesystem getattr;
> allow segatex_t self:process setfscreate;
> allow segatex_t semanage_t:process { siginh rlimitinh noatsecure };
>
> #============= semanage_t ==============
> allow semanage_t setfiles_t:process { siginh rlimitinh noatsecure };
>
> #end after i semanage -DB
>
> I finally made it.
> Both adding and deleting user.
>
> Maybe I should add button to audit them all thing.
> I remember RH original one had it, so.
>
> Thanks !
>
> 2009/5/13 Stephen Smalley <sds@xxxxxxxxxxxxx>:
>> On Wed, 2009-05-13 at 23:01 +0900, Shintaro Fujiwara wrote:
>>> Thank you.
>>>
>>> I updated my tool's policy including 2 interfaces you guys introduced.
>>>
>>> Still I can't add user from my tool and strangely, no AVC messages now
>>> even if I set SELinux permissive.
>>> Of course when I set permissive, I can add user.
>>> But, I don't have any denied logs now...
>>>
>>> No way out ?
>>
>> Run "semodule -DB" to strip dontaudit rules and try again.
>> You'll have to wade through the irrelevant avc messages though.
>>
>> --
>> Stephen Smalley
>> National Security Agency
>>
>>
>
>
>
> --
> http://intrajp.no-ip.com/ Home Page
>

--
http://intrajp.no-ip.com/ Home Page

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
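
The "wade through the irrelevant avc messages" step from the thread, as an added example that is not part of the original messages: with dontaudit rules stripped, the audit log fills with denials from unrelated domains, so this keeps only the source domains under investigation and merges their denials into allow rules. The log lines are constructed sample data, and the names `allow_rules` and `se_type` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed audit.log sample (not from the thread): denials for the domains
# discussed above, mixed with unrelated noise that appears once dontaudit is off.
SAMPLE_LOG = """\
type=AVC msg=audit(1242223301.101:210): avc:  denied  { getattr } for  pid=4021 comm="segatex" scontext=unconfined_u:unconfined_r:segatex_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
type=AVC msg=audit(1242223301.150:211): avc:  denied  { siginh rlimitinh noatsecure } for  pid=4030 comm="bash" scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1242223301.150:211): arch=c000003e syscall=59 success=yes exit=0
type=AVC msg=audit(1242223302.004:212): avc:  denied  { setfscreate } for  pid=4021 comm="segatex" scontext=unconfined_u:unconfined_r:segatex_t:s0 tcontext=unconfined_u:unconfined_r:segatex_t:s0 tclass=process
type=AVC msg=audit(1242223302.310:213): avc:  denied  { siginh } for  pid=4044 comm="semanage" scontext=unconfined_u:unconfined_r:segatex_t:s0 tcontext=unconfined_u:unconfined_r:semanage_t:s0 tclass=process
type=AVC msg=audit(1242223302.311:214): avc:  denied  { rlimitinh noatsecure } for  pid=4044 comm="semanage" scontext=unconfined_u:unconfined_r:segatex_t:s0 tcontext=unconfined_u:unconfined_r:semanage_t:s0 tclass=process
type=AVC msg=audit(1242223303.020:215): avc:  denied  { siginh rlimitinh noatsecure } for  pid=4051 comm="setfiles" scontext=unconfined_u:unconfined_r:semanage_t:s0 tcontext=unconfined_u:unconfined_r:setfiles_t:s0 tclass=process
type=AVC msg=audit(1242223304.500:216): avc:  denied  { noatsecure } for  pid=4060 comm="run-parts" scontext=system_u:system_r:crond_t:s0 tcontext=system_u:system_r:system_cronjob_t:s0 tclass=process
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)")

def se_type(context):
    """Return the type field of a user:role:type[:mls] security context."""
    return context.split(":")[2]

def allow_rules(log_text, domains):
    """Merge AVC denials whose source type is in `domains` into allow rules."""
    grouped = defaultdict(dict)  # dict used as an insertion-ordered set
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (e.g. SYSCALL records)
        src, tgt = se_type(m["s"]), se_type(m["t"])
        if src not in domains:
            continue  # noise from a domain we are not debugging
        if tgt == src:
            tgt = "self"
        grouped[(src, tgt, m["cls"])].update(dict.fromkeys(m["perms"].split()))
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        body = next(iter(perms)) if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules
```
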