RE: Audit2allow + allow rule for 'granted' access

On Mon, 2008-04-07 at 08:41 -0700, Karrels, Jeffrey J (US SSA) wrote:
> policycoreutils-1.33.12-12.el5

Ok, file a bugzilla against it, please.
Dan will have to extract the bug fix from sepolgen upstream and backport
it.

> 
> > -----Original Message-----
> > From: Stephen Smalley [mailto:sds@xxxxxxxxxxxxx]
> > Sent: Friday, April 04, 2008 5:05 AM
> > To: Karrels, Jeffrey J (US SSA)
> > Cc: selinux@xxxxxxxxxxxxx; Daniel J Walsh
> > Subject: Re: Audit2allow + allow rule for 'granted' access
> > 
> > 
> > On Thu, 2008-04-03 at 16:06 -0700, Karrels, Jeffrey J (US SSA) wrote:
> > > Not that this is a big deal, but is there a way to stop audit2allow
> > > from processing and creating rules for audits that are 'granted'?
> > >
> > >
> > >
> > > I turned on auditing for a couple of rules so I can keep an eye on
> > > domain transitions. That creates some entries in the audit log such
> > > as: "avc:  granted  { transition } for  pid=3409 ".
> > >
> > >
> > >
> > > When I run audit2allow on that entry, audit2allow creates a rule for
> > > that entry as if the entry were a 'denied' rather than a 'granted'. It
> > > came into being an issue when I was ignoring the allow transition
> > > entries, and there was an actual 'denied' audit (hidden amongst the
> > > granted transitions [for mls reasons]) that I was not catching when
> > > manually going through the logs.
> > 
> > That's a bug.  What version of policycoreutils?  Fixed upstream already,
> > I believe, so bugzilla it against RHEL.
> > 
> > --
> > Stephen Smalley
> > National Security Agency
> > 
> 
> 
> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> the words "unsubscribe selinux" without quotes as the message.
-- 
Stephen Smalley
National Security Agency
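
Until a fixed audit2allow is installed, the log can be pre-filtered so that only 'denied' AVC records reach it and denials are not lost among audited grants. The following is an added example, not code from this thread or from policycoreutils; the function names and the sample records are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Decision and permission set, e.g. "avc:  granted  { transition } for  pid=3409"
AVC_RE = re.compile(r"avc:\s+(granted|denied)\s+\{\s*([^}]*?)\s*\}\s+for\s")
FIELD_RE = re.compile(r"\b(scontext|tcontext|tclass)=(\S+)")

# Constructed sample records (not from the thread): two audited grants and
# one real denial hidden between them.
SAMPLE = [
    'type=AVC msg=audit(1207580000.101:41): avc:  granted  { transition } for  pid=3409 '
    'comm="init" scontext=system_u:system_r:init_t:s0 '
    'tcontext=system_u:system_r:example_t:s0 tclass=process',
    'type=AVC msg=audit(1207580001.202:42): avc:  denied  { read } for  pid=3410 '
    'comm="example" name="data" scontext=system_u:system_r:example_t:s0 '
    'tcontext=system_u:object_r:secret_t:s15:c0.c255 tclass=file',
    'type=AVC msg=audit(1207580002.303:43): avc:  granted  { transition } for  pid=3411 '
    'comm="init" scontext=system_u:system_r:init_t:s0 '
    'tcontext=system_u:system_r:example_t:s0 tclass=process',
]

def parse_avc(line):
    """Return a dict describing an AVC record, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"decision": m.group(1), "perms": m.group(2).split(), "raw": line}
    rec.update(FIELD_RE.findall(line))  # adds scontext, tcontext, tclass
    return rec

def split_avc(lines):
    """Return (denied_records, counts) so grants never reach audit2allow."""
    denied, counts = [], Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        counts[rec["decision"]] += 1
        if rec["decision"] == "denied":
            denied.append(rec)
    return denied, counts

if __name__ == "__main__":
    # Pass an audit log path as the first argument, or fall back to SAMPLE.
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    denied, counts = split_avc(source)
    for rec in denied:
        print(rec["raw"].rstrip())  # denied records only, one per line
    print(f"granted={counts['granted']} denied={counts['denied']}", file=sys.stderr)
```

The denied records go to standard output and the counts to standard error, so the output can be piped straight into audit2allow, which reads standard input by default.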

