-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/21/2010 10:41 AM, Robert Nichols wrote: > On 04/21/2010 04:24 AM, Dominick Grift wrote: >> On Wed, Apr 21, 2010 at 01:36:13AM -0500, Robert Nichols wrote: >>> Does the loading and removing of modules by semodule get logged >>> anywhere? Apparently not. That would seem to be pretty important >> >> /var/log/messages displays when policy is loaded. It does not display why (e.g. maybe because a particular module was disabled or removed) >> >> It may or may not be a good idea to mention that somewhere though. > > When I've been installing and removing local modules trying to fix a > problem, it would be extremely useful to be able to tell what modules > were in place at the time a particular AVC was logged. Without that > information it is sometimes hard to tell what, if anything, got fixed > by what module. > So you want the Module name and version recorded in syslog? Everytime selinux-policy gets installed there would be 220 modules installed, giving you 220 log lines. If you installed multiple selinux policies (mls, minimum, targeted) Each one would put a hell of a lot of lines in the log file.) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkvPD+EACgkQrlYvE4MpobPTBwCghwkqMt/rAlZh8eSokM+vjWS/ m44An1wvJEruuIIgmRNzmtA4ZfKiRX9w =M8X7 -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
