Apparently I'm not. I'm using 1.33 on a pretty clean RHEL5 box. Any idea of how difficult it will be to jump to the devel version? Or is there another way to disable the dontaudits? On Mon, 2008-02-04 at 14:11 -0500, Stephen Smalley wrote: > On Mon, 2008-02-04 at 13:02 -0600, Jeremiah Jahn wrote: > > Is there some way to turn of the dontaudit w/ the refpolicy and a > > module policy build. make enableaudit seems to only change the base > > policy, and not any of the policies that actually do anything. > > > > This is with the refpolicy selinux-refpolicy-sources-20071214-1 running > > on RHEL5. > > > > For some reason, when the policy is enforced, I can't su from a staff_r > > user, yet when I try with enforcing=0 I don't get any audit messages, > > and I'm not really comfortable modifying every user oriented admin > > modules to remove the dontaudit rules. doing so in su.te helped find a > > few things, but I'm not sure what's blocking it now. > > If using a recent semodule, you can do semodule -DB to strip the entire > policy of dontaudit rules and load the result, then semodule -B to > revert to the original policy. > In 1880 the French captured Detroit but gave it back ... they couldn't get parts.
Attachment:
signature.asc
Description: This is a digitally signed message part
