No avcs generated after running at jobs in enforcing mode
Justin P. Mattock
justinmattock at gmail.com
Wed Oct 21 00:38:34 UTC 2009
Bruno Wolff III wrote:
> On Tue, Oct 20, 2009 at 16:52:43 -0700,
> "Anamitra Dutta Majumdar (anmajumd)"<anmajumd at cisco.com> wrote:
>
>>
>> We are trying to run an at job which echoes something on the terminal as
>> below
>>
>> at 14:53
>> at> echo "hello"> /dev/pts/1
>> at> ^D
>>
>> When we run the above in the permissive mode we get hello on our term.
>> However when we run in enforcing mode nothing seems to happen. We do not
>> get any sealerts either.
>>
>> Can someone let us know what is going on in the enforcing mode and what
>> would be a way to check the status of the job?
>>
>
> There might be a don't audit on that rule.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
yep,
check to see if there's a mislabel use
restorecon * then
like above just use make enableaudit
while compiling the policy to generate
any avc's that are in the don't audit section.
Justin P. Mattock
More information about the fedora-selinux-list
mailing list