>>>>> "DG" == Dominick Grift <dominick.grift@xxxxxxxxx> writes: DG> You should really see AVC denials when you build the policy.db with DG> the dontaudit rules removed (semodule -DB) DG> Maybe you've overlooked them? I know the original question was about EL6 but I had some issues with CGI-type stuff outside of a specific cgi-bin directory recently on F16, and I was quite surprised that completely relevant AVCs were hidden behind dontaudit rules. In fact, I had no AVCs at all for that situation; stuff just failed to work without any indication of why. semodule -DB made it completely obvious, once you picked out the AVCs that caused the problem from whatever random other stuff was expected to happen. Is there any reasonable explanation for why these AVCs are not shown by default? - J< -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
