audit2allow -M local < /tmp/avcs ?
Paul Howarth
paul at city-fan.org
Tue Jul 8 08:37:15 UTC 2008
Frank Murphy wrote:
> On Mon, 2008-07-07 at 11:27 +0200, drago01 wrote:
>
>>>> The logs are either in /var/log/audit.log (if audit is running)
>>>> otherwise in syslog (in this case passing -D to audit2allow will use
>>>> them)
>>> audit2allow /var/log/audit/audit.log?
>> yes just use this file instead of /tmp/avcs
>> audit2allow -M local < /your/log/file
>
> How long mush one give to the command?
> I cleared the log, waited for two avc alerts.
> ran: [root at frank-03 ~]# audit2allow -M local /var/log/audit/audit.log
>
> It's been an hour so far.
What you typed isn't what was suggested. You missed the "<".
It's waiting for the end of file on stdin, which is your terminal.
Paul.
More information about the fedora-selinux-list
mailing list