On 23/02/10 00:55, Trevor Hemsley wrote: > I am sharing my user home directories to other machines on my LAN using > Samba. I have that all working correctly except for one persistent AVC > that I keep seeing. Now this AVC is correct in that I really do not want > my user's .ssh directories read over SMB so I'd quite like to keep that > as-is. But... I get alerts for this all the time so I'd like to know how > to add a dontaudit rule for it so that access is denied but I don't get > told about it. Ideally I'd like to add a generic rule to catch all > user's not have to add one dontaudit rule per user. Just don't have a > clue where to start and google was not much use on this so would > appreciate some help if anyone has done this before? This is easy: just use audit2allow to generate a rule as if you wanted to allow this access, then change the "allow" in the rule to "dontaudit" before compiling and loading your policy module. Paul. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
