On Sun, 2009-11-29 at 01:11 -0500, Roland Roberts wrote: > Thomas Harold wrote: > > On 11/29/2009 12:49 AM, Roland Roberts wrote: > >> But it doesn't seem to include the init.d file, or is rpm -qil not > >> telling me what I think it is telling me: > >> > >> 572 root> rpm -qil setroubleshoot-server | grep /etc > >> /etc/audisp/plugins.d/sedispatch.conf > >> /etc/dbus-1/system.d/org.fedoraproject.Setroubleshootd.conf > >> /etc/logrotate.d/setroubleshoot > >> /etc/setroubleshoot > >> /etc/setroubleshoot/setroubleshoot.cfg > >> > > > > Not sure, that's sounding more like a Fedora issue then an SELinux > > issue (and I'm not running Fedora, I'm running RHEL/CentOS). But a > > bit of google-fu turned up: > > > > http://osdir.com/ml/fedora-selinux/2009-06/msg00053.html > > > > (the linked message was posted by Daniel J Walsh) > > > > Basically, they've restructured things back in June 2009. So you'll > > probably have to go digging in the audit.log file for the AVC messages. > > > > # grep "AVC" /var/log/audit/audit.log > > Thanks. Maybe I'll file a report with bugzilla. Not sure that my > missing messages are a bug, but there is nothing in > /var/log/audit/audit.log with "avc". In any event, it's past my bedtime > here for today > > g'nite. > > roland > Just as a bit of advice for the future. You are better off using the ausearch command to find denials. You can narrow it down to just AVC denials by using ausearch -m AVC. After that you can restrict based on time using some of the other flags for the utility. Dave -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
