Thomas Cameron wrote: > On 08/03/2012 09:06 AM, m.roth@xxxxxxxxx wrote: >> Dan, >> >> I read your post at <http://danwalsh.livejournal.com/26053.html>, but >> what I still don't understand is this: on a user's system (actually, my >> manager's). What I need, and not just for his system, is a way to do >> what setroubleshoot *used* to do: give me a sealert in a logfile so I >> can run it from a command line. > > Have you installed setroubleshoot and setroubleshoot-server? > > Once you do, you can use e.g. sealert to read the alerts from the > command line. I must be missing something. Yes, they're both installed. I tried sealert -a /var/log/audit/audit.log, and got nothing - in there, I see a lot of SERVICE START and SERVICE STOP. I tried the same on /var/log/messages, where I see avc's; for example, <timestamp> <name> kernel: [96575.845662] type=1400 audit(1344007740.130:4055): avc: denied { open } for pid=5804 comm="awk" name="ld.so.cache" dev="dm-0" ino=61036 scontext=system_u:system_r:ksmtuned_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file but get nothing. What am I missing? mark -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
