Hi,

I have a bash script that I've written that runs in its own domain, let's call it my_domain_t. When I run this script, I get a denial stating that the script was denied audit_write. But all the script is doing when it gets this denial is printing to the screen and asking for user input.

From the SELinux wiki I know that audit_write allows the program to "send audit messages from user space". But does that mean it is able to write to /var/log/audit/audit.log? Or more likely send a message to the audit daemon which then appends to the audit log?

So given that I currently don't feel any need to audit the results of my script, should I use an allow rule or something like dontaudit?

    allow my_domain_t self:capability audit_write

or

    dontaudit my_domain_t self:capability audit_write

I'm running this script on CLIP.

Thanks,
Jason