On November 25, 2011 23:24 , Mark Montague <mark@xxxxxxxxxxx> wrote: > Where does Fedora 16 log boot-time SELinux denial messages? Under > Fedora 14 and previous (for sure) and under Fedora 15 (I think), > messages were logged via syslog and appeared in /var/log/messages until > auditd started. However, this is apparently not happening with Fedora > 16 -- how can I get these denial messages? I found the answer: the messages were not being generated due to dontaudit rules. For some reason, I had thought that the denial messages I was expecting were generated under previous versions of Fedora, and so I did not consider dontaudit rules right away. Following the advice in Dan's article ( http://danwalsh.livejournal.com/11673.html ) to run "semodule -DB" caused the desired denial messages to be logged. -- Mark Montague mark@xxxxxxxxxxx -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
