-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/18/2010 09:52 AM, m.roth@xxxxxxxxx wrote: > Would it be a reasonable suggestiong for an enhancement to give full > paths? I've been looking at AVC's and the o/p from sealert for days trying > to figure out the path for various apparetnly temporary files > ./<blah.blah> with a label of default_t. > > Of course, once I find it, then I have to figure out what to do with it, > whether I need to set the context on the directories they're being created > in, or if that has to do with the special perl that/s in a very > nonstandard path that's running the .cgi that's creating them (and yes, > I'm told it all does have to be there), so pointers to any threads or docs > on that would be appreciated. > > mark > > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux You can get full paths by turning on full auditing. Add the following line to the end of /etc/audit/audit.rules - -w /etc/shadow -p w Then restart auditd. service auditd restart This will turn on full auditing in the kernel, and should return full paths when an AVC happens. There is a performance hit that you probably will not notice, but some CPU bound loads would. We leave this disabled by default for this reason. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAky8XrsACgkQrlYvE4MpobM3fgCeKfejssGjuNaCUc1gEFbH6e/I uioAn0Gke5JGZ+HCwowqlwcjvI2q1Q6h =8wEp -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
