On Wed, 2006-11-15 at 17:06 -0500, Karl MacMillan wrote: > Joy Latten wrote: > > Is there a way to reverse a dontaudit rule without having to > > modify and recompile base policy? > > I need to see the audit message to help determine what permissions > > are being denied for a particular application. > > > > No - that is why the enableaudit.pp base policy is provided in > /usr/share/selinux/[policyname]/enableaudit.pp. Install that with: > > semodule -b path_to_enableaudit > > and you should see all denials.
Yes. Eventually all of the dontaudits will be made conditional, controlled by a Boolean. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
