Thanks. So, I understand there are no commands checking present state of enabling or disabling dontaudit ? And especially, disabling dontaudit survives next boot, for an ordinary administrator like me don't know whether or not disabling dontaudit. If I forget disabling dontaudit and don't know much about SELinux audit, if somebody tell me to do audit2allow and some buggy program running to manage shadow_t, I will foolishly may install a policy to manage shadow_t ? I think in that case, should be checked the present state of dontaudit disabled or not and giving advice to administrator to type command #semodue -B. Well, I presently can manage at least making in certain confined area a file labeled shadow_t or whatever the dontaudit will be applied and check if the dontaudit is disabled or not. I think only ugly way but as an ordinary administrator, I can manage in that way. Thanks for your advices. 2009/5/16 Daniel J Walsh <dwalsh@xxxxxxxxxx>: > On 05/15/2009 07:50 PM, Shintaro Fujiwara wrote: >> >> Hi, I typed, >> >> #semodule -DB >> >> How should I know if I succeeded disabled dontaudits ? >> >> Thanks. >> > If the command did not display any errors, it succeeded. Also you should > start to see a lot more avc messages. Start and stop a couple of services. > -- http://intrajp.no-ip.com/ Home Page -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
