[redhat-lspp] Re: anyway to reverse a dontaudit rule?
Karl MacMillan
kmacmillan at mentalrootkit.com
Wed Nov 15 22:06:49 UTC 2006
Joy Latten wrote:
> Is there a way to reverse a dontaudit rule without having to
> modify and recompile base policy?
> I need to see the audit message to help determine what permissions
> are being denied for a particular application.
>
No - that is why the enableaudit.pp base policy is provided in
/usr/share/selinux/[policyname]/enableaudit.pp. Install that with:
semodule -b path_to_enableaudit
and you should see all denials.
Karl
More information about the redhat-lspp
mailing list