No type=PATH record in FC6 audit?

Stephen Smalley sds at tycho.nsa.gov
Fri Oct 6 14:29:55 UTC 2006


On Fri, 2006-10-06 at 23:09 +0900, Yuichi Nakamura wrote:
> Hi,
> 
> I am playing with FC6-test3.
> I installed audit
> and found that the type=PATH record does not appear in audit.log
> when access is denied by SELinux.
> 
> Will the type=PATH record disappear in FC6?

If you define any audit rules via auditctl (or put them
into /etc/audit/audit.rules for loading upon startup), then you should
see them again.  There is an optimization in the audit system to disable
collection of audit data like paths if there are no audit rules to avoid
the overhead associated with such collection.  This means you need at
least one audit rule defined to get that information.

-- 
Stephen Smalley
National Security Agency
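
An added example, not part of the original post: a small Python check that groups audit.log records by event id and reports SELinux denials on file objects that have no type=PATH record, the symptom discussed above. The log lines are constructed, and the set of object classes treated as path-bearing is an assumption of this example.

```python
import re
from collections import defaultdict

# Record type plus the "timestamp:serial" event id that all records
# belonging to one audit event share.
RECORD_RE = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+:\d+)\):\s*(.*)$')
TCLASS_RE = re.compile(r'\btclass=(\S+)')
# Assumption (heuristic): object classes for which a PATH record is expected.
PATH_CLASSES = {"file", "dir", "lnk_file", "chr_file", "blk_file",
                "sock_file", "fifo_file"}

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = """\
type=AVC msg=audit(1160144995.101:41): avc:  denied  { read } for  pid=2001 comm="httpd" name="secret.html" dev=dm-0 ino=4711 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1160145010.220:57): avc:  denied  { getattr } for  pid=2001 comm="httpd" name="secret.html" dev=dm-0 ino=4711 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1160145010.220:57): arch=40000003 syscall=195 success=no exit=-13 pid=2001 comm="httpd"
type=PATH msg=audit(1160145010.220:57): item=0 name="/home/user/secret.html" inode=4711 dev=fd:00
type=AVC msg=audit(1160145020.330:60): avc:  denied  { name_bind } for  pid=2100 comm="httpd" src=8081 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
"""

def group_events(lines):
    """Map event id -> {record type -> [record bodies]}."""
    events = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = RECORD_RE.match(line.strip())
        if m:
            rtype, event_id, body = m.groups()
            events[event_id][rtype].append(body)
    return events

def denials_missing_path(lines):
    """Return ids of file-object AVC denials that carry no PATH record."""
    missing = []
    for event_id, records in group_events(lines).items():
        classes = set()
        for body in records.get("AVC", []):
            m = TCLASS_RE.search(body)
            if m:
                classes.add(m.group(1))
        # Denials on sockets, capabilities etc. never have a path; skip them.
        if classes & PATH_CLASSES and "PATH" not in records:
            missing.append(event_id)
    return missing

if __name__ == "__main__":
    for eid in denials_missing_path(SAMPLE_LOG.splitlines()):
        print(f"event {eid}: AVC denial without PATH record; "
              "check that `auditctl -l` lists at least one rule")
```
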



