[redhat-lspp] Re: anyway to reverse a dontaudit rule?
Christopher J. PeBenito
cpebenito at tresys.com
Thu Nov 16 14:05:46 UTC 2006
On Wed, 2006-11-15 at 17:06 -0500, Karl MacMillan wrote:
> Joy Latten wrote:
> > Is there a way to reverse a dontaudit rule without having to
> > modify and recompile base policy?
> > I need to see the audit message to help determine what permissions
> > are being denied for a particular application.
> >
>
> No - that is why the enableaudit.pp base policy is provided in
> /usr/share/selinux/[policyname]/enableaudit.pp. Install that with:
>
> semodule -b path_to_enableaudit
>
> and you should see all denials.
Yes. Eventually all of the dontaudits will be made conditional,
controlled by a Boolean.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
More information about the redhat-lspp
mailing list