On 12/13/09 08:42, Guido Trentalancia wrote:
Justin, your question seems more of an audit question. Why don't you use audit2allow to sort this out from a SELinux point of view instead than trying to shut up audit ? Audit2allow can generate custom rules for you from the analysis of your audit log messages. The rules can then be compiled into a custom policy module, that you can install with semodule.
I can easily create an allow rule with audit2allow. The issue is not creating an allow rule, but having Xorg.0.log spammed with a denial causing the system to freeze up, until the avc is done doing with whatever it's doing (in this case logging many denials of the same one). hence the reason for wondering if theres a mechanism that could be put in place like prinkt_ratelimit for Xorg.0.log this way I don't get spammed with a denial. Justin P. Mattock -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
