How can I find out what all the SELinux transactions are?
Stephen Smalley
sds at tycho.nsa.gov
Mon Oct 27 12:59:15 UTC 2008
On Fri, 2008-10-24 at 15:38 -0700, Timothy Renner wrote:
> Is there any debug stream available that can tell me what is being
> processed by the SELinux system? Specifically, I'd like to be able to
> follow the trail from starting an executable, through its state
> transitions, what files it reads, and what their file contexts are, and
> what transitions happen as it calls external programs.
Options:
- Use system call auditing (see man pages for autrace, auditctl, auditd;
ask questions on linux-audit at redhat.com).
or
- Add auditallow rules to the domain for the program in order to trigger
auditing of permission grantings.
And of course, denials are already audited by SELinux by default.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list