Matthew, Just to make sure I understand this correctly, rsyslogd has been granted permission to read all the various statistics and debugging files stored in /var/named/data/ ----- Original Message ----- > From: "Matthew Wilkinson" <MatthewWilkinson@xxxxxxxxxxxxxxxxx> > To: "birdynam" <birdynambox@xxxxxxxxx>, selinux@xxxxxxxxxxxxxxxxxxxxxxx > Sent: Friday, September 22, 2017 1:54:38 PM > Subject: RE: Unable to use audit2allow on avc denials > > I figured it out. Once I got auditd running again, I was able to use > audit2allow to get the right policies from SELinux. Once I did that, > rsyslogd could read the logs in /var/named/data/ > > --Matthew Wilkinson > > > -----Original Message----- > From: birdynam [mailto:birdynambox@xxxxxxxxx] > Sent: Friday, September 22, 2017 12:41 > To: selinux@xxxxxxxxxxxxxxxxxxxxxxx > Subject: Re: Unable to use audit2allow on avc denials > > [This is an external email. Be cautious with links, attachments and > responses.] > > ********************************************************************** > Yep your right, > > i just wanted to point the fact that even if the logs are in messages instead > of audit.log, audit2allow can be used (related to Wilkinson Matthew post). > > > Birdy. > _______________________________________________ > selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send > an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx > _______________________________________________ > selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx > -- Simon Sekidde gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
