If auditd is not running, secadm needs dmesg to get the avc messages.
If auditd is running the same info is available through auditd
anyway.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/secadm.te serefpolicy-3.5.0/policy/modules/roles/secadm.te
--- nsaserefpolicy/policy/modules/roles/secadm.te 2008-06-12 23:25:06.000000000 -0400
+++ serefpolicy-3.5.0/policy/modules/roles/secadm.te 2008-07-15 14:05:12.000000000 -0400
@@ -48,6 +48,10 @@
')
optional_policy(`
+ dmesg_exec(secadm_t)
+')
+
+optional_policy(`
netlabel_run_mgmt(secadm_t, secadm_r, { secadm_tty_device_t secadm_devpts_t })
')
--
David Härdeman
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
