On Wed, Oct 02, 2019 at 02:25:22PM -0500, Ian Pilcher wrote: > I am writing an SELinux policy for a daemon that needs to exec an > external program. The execve call is being denied (permission denied), > but no denial is being logged, even after disabling dontaudit rules > (semodule -DB). Are you also looking for "selinux_err" records? `ausearch -m avc,user_avc,selinux_err -i` will return avc, user_avc and selinux_err records if auditd is running. > > (The execve call does succeed in permissive mode.) > > How can I troubleshoot this? > > Thanks! > > -- > ======================================================================== > Ian Pilcher arequipeno@xxxxxxxxx > -------- "I grew up before Mark Zuckerberg invented friendship" -------- > ======================================================================== -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift
Attachment:
signature.asc
Description: PGP signature
