On 12/14/09 08:15, Guido Trentalancia wrote:
Auditctl should operate at kernel-level. But this topics are all off-theme from SELinux. You shouldn't post audit questions to a SELinux mailing list.
Probably should be refpolicy, and Xorg because this pertains to XACE, but you took these cc's off the e-mail! Anyways, as for auditd keep in mind this has todo with Xorg.0.log, nothing todo with anything in /var/log/messages, or any other log message that auditd reads(and remember I don't have auditd turned on). So lets try again: I'm running X.Org X Server 1.7.99.2 after building the latest refpolicy and defining my allow rules(all of them as possible), I seem to have some of them show up later in time. (which is normal). The problem that I have is on some occasions these denials that show up long after I have defined as many allow rules as possible, seem to be spamming my Xorg.0.log, until I define them into the policy with audit2allow. my question is, is there a mechanism similar to printk_ratelimit for Xorg.0.log so when this happens my Xorg.0.log does not become spammed with one avc denial causing my system to freeze up, until the avc denial has done registering all of it's denials or I allow it into the policy? Justin P. mattock -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
