Yes, I am running in "Permissive" mode right now, just for testing purposes. If this is by design, is there any way I can force SELinux to log every denial even in Permissive mode ? Thanks, - Rezaul. -----Original Message----- From: Eric Paris [mailto:eparis@xxxxxxxxxxxxxx] Sent: Wednesday, October 17, 2007 5:19 PM To: Hasan Rezaul-CHR010 Cc: Stephen Smalley; Daniel J Walsh; selinux@xxxxxxxxxxxxx Subject: Re: Recurring SELinux events for similar violations... Are you running without enforcing just for testing? When you turn off enforcing it only logs once (by design) but I think it should log the denial every single time in enforcing mode. -Eric On 10/17/07, Hasan Rezaul-CHR010 <CHR010@xxxxxxxxxxxx> wrote: > Hi All, > > I am using a Fedora 6 STRICT policy as my base, and have written some > additional custom policies on top. > > For example, I have allowed certain domains (e.g. staff_t) to modify > file types of etc_t > And I have disallowed other domains (e.g. user_t) to modify file types > of etc_t. > > When user_t makes the first attempt to modify an etc_t file, I do get > DENY events :-) > > But subsequent attempts by user_t to modify etc_t files *DO NOT* > generate any more events ?!? > > - Is this by design ??? > > - Is there something I can do such that EVERY time user_t attempts to > modify a file type etc_t , I will get a corresponding DENY ? > > - In other words, I would like every violation attempt to be reported in > the audit.log file, even if the same violation occurs multiple times in > the same session. > > Thanks in advance, > > - Rezaul. > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with > the words "unsubscribe selinux" without quotes as the message. > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
