Re: How can I know disabling dontaudit or not ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks.

So, I understand there are no commands checking present state of
enabling or disabling dontaudit ?

And especially, disabling dontaudit survives next boot, for an
ordinary administrator like me don't know whether or not disabling
dontaudit.

If I forget disabling dontaudit and don't know much about SELinux
audit, if somebody tell me to do audit2allow and some buggy program
running to manage shadow_t, I will foolishly may install a policy to
manage shadow_t ?

I think in that case, should be checked the present state of dontaudit
disabled or not and giving advice to administrator to type command
#semodue -B.

Well, I presently can manage at least making in certain confined area
a file labeled shadow_t or whatever the dontaudit will be applied and
check if the dontaudit is disabled or not.

I think only ugly way but as an ordinary administrator, I can manage
in that way.

Thanks for your advices.



2009/5/16 Daniel J Walsh <dwalsh@xxxxxxxxxx>:
> On 05/15/2009 07:50 PM, Shintaro Fujiwara wrote:
>>
>> Hi, I typed,
>>
>> #semodule -DB
>>
>> How should I know if I succeeded disabled dontaudits ?
>>
>> Thanks.
>>
> If the command did not display any errors, it succeeded.  Also you should
> start to see a lot more avc messages.  Start and stop a couple of services.
>



-- 
http://intrajp.no-ip.com/ Home Page

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux