[redhat-lspp] Re: anyway to reverse a dontaudit rule?
Stephen Smalley
sds at tycho.nsa.gov
Mon Nov 20 18:59:09 UTC 2006
On Wed, 2006-11-15 at 17:06 -0500, Karl MacMillan wrote:
> Joy Latten wrote:
> > Is there a way to reverse a dontaudit rule without having to
> > modify and recompile base policy?
> > I need to see the audit message to help determine what permissions
> > are being denied for a particular application.
> >
>
> No - that is why the enableaudit.pp base policy is provided in
> /usr/share/selinux/[policyname]/enableaudit.pp. Install that with:
>
> semodule -b path_to_enableaudit
>
> and you should see all denials.
...that would have been suppressed by dontaudit rules in the base
module. But not dontaudit rules in non-base modules.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list