How can I find out what all the SELinux transactions are?

Stephen Smalley sds at tycho.nsa.gov
Mon Oct 27 12:59:15 UTC 2008


On Fri, 2008-10-24 at 15:38 -0700, Timothy Renner wrote:
> Is there any debug stream available that can tell me what is being 
> processed by the SELinux system?  Specifically, I'd like to be able to 
> follow the trail from starting an executable, through its state 
> transitions, what files it reads, and what their file contexts are, and 
> what transitions happen as it calls external programs.

Options:
- Use system call auditing (see man pages for autrace, auditctl, auditd;
ask questions on linux-audit at redhat.com).
or
- Add auditallow rules to the domain for the program in order to trigger
auditing of permission grantings.

And of course, denials are already audited by SELinux by default.

-- 
Stephen Smalley
National Security Agency
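
Added example, not part of the original message: a small Python parser that rebuilds the trail the question asks about from AVC audit records, covering both the "granted" lines an auditallow rule produces and the default "denied" lines. The log lines are constructed samples, and the myapp_t, helper_t and helper_exec_t types are hypothetical.

```python
import re

# Constructed sample records in audit.log AVC format; myapp_t/helper_t are
# hypothetical domains. "granted" lines only appear for permissions covered by
# an auditallow rule, e.g. (assumed policy): auditallow myapp_t etc_t:file read;
SAMPLE_LOG = """\
type=AVC msg=audit(1225112355.101:501): avc:  granted  { read } for  pid=2101 comm="myapp" name="myapp.conf" dev=dm-0 ino=4411 scontext=user_u:system_r:myapp_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1225112355.140:502): avc:  granted  { execute } for  pid=2101 comm="myapp" name="helper" dev=dm-0 ino=5522 scontext=user_u:system_r:myapp_t:s0 tcontext=system_u:object_r:helper_exec_t:s0 tclass=file
type=AVC msg=audit(1225112355.141:503): avc:  granted  { transition } for  pid=2102 comm="myapp" path="/usr/bin/helper" dev=dm-0 ino=5522 scontext=user_u:system_r:myapp_t:s0 tcontext=user_u:system_r:helper_t:s0 tclass=process
type=SYSCALL msg=audit(1225112355.141:503): arch=40000003 syscall=11 success=yes exit=0 pid=2102 comm="helper" exe="/usr/bin/helper"
type=AVC msg=audit(1225112355.200:504): avc:  denied  { write } for  pid=2102 comm="helper" name="shadow" dev=dm-0 ino=6633 scontext=user_u:system_r:helper_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>granted|denied)\s+\{ (?P<perms>[^}]*) \} for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def _type_of(context):
    # A context is user:role:type[:level]; the type is always the third field.
    return context.split(":")[2]

def parse_avc(log_text):
    """Return one dict per AVC record, skipping other audit record types."""
    events = []
    for line in log_text.splitlines():
        m = AVC_RE.match(line)
        if not m:
            continue
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
        events.append({
            "serial": int(m.group("serial")), "result": m.group("result"),
            "perms": m.group("perms").split(), "comm": f.get("comm"),
            "object": f.get("path") or f.get("name"),
            "source": _type_of(f["scontext"]),
            "target": _type_of(f["tcontext"]), "tclass": f["tclass"],
        })
    return events

def domain_transitions(events):
    """Granted process transitions as (old_domain, new_domain) pairs."""
    return [(e["source"], e["target"]) for e in events
            if e["tclass"] == "process" and "transition" in e["perms"]
            and e["result"] == "granted"]

if __name__ == "__main__":
    for e in parse_avc(SAMPLE_LOG):
        print(e["result"], e["source"], "->", e["target"], e["tclass"], e["perms"], e["object"])
```
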



