No type=PATH record in FC6 audit?
Yuichi Nakamura
ynakam at hitachisoft.jp
Tue Oct 10 00:02:29 UTC 2006
On Fri, 06 Oct 2006 10:29:55 -0400
Stephen Smalley wrote:
> > I am playing with FC6-test3.
> > I installed audit,
> > and found that type=PATH record does not appear in audit.log,
> > when access is denied by SELinux.
> >
> > Will type=PATH record disappear in FC6?
> If you define any audit rules via auditctl (or put them
> into /etc/audit/audit.rules for loading upon startup), then you should
> see them again. There is an optimization in the audit system to disable
> collection of audit data like paths if there are no audit rules to avoid
> the overhead associated with such collection. This means you need at
> least one audit rule defined to get that information.
I have tried it now.
PATH entry appeared by adding dummy audit rule.
Thank you.
Yuichi
More information about the fedora-selinux-list
mailing list