* Not sending AVC denials to audit.log
@ 2013-04-17 14:16 Rodney Simioni
  2013-04-17 14:50 ` Ted Toth
  2013-04-17 16:54 ` Dominick Grift
  0 siblings, 2 replies; 4+ messages in thread
From: Rodney Simioni @ 2013-04-17 14:16 UTC (permalink / raw)
  To: selinux

Hi,

I have a few development tests that are failing when I put the server in
'enforcing' mode; however, it's not sending AVC denials to the
audit.log.

I have also used 'semanage dontaudit' in both on and off position and
it's not generating denials. When I put the server in 'permissive mode',
the tests do not fail.

Why isn't selinux sending the denials to the audit.log when the tests
fail? How do I go about finding the culprit(s) that is/are failing my
tests? Thanks in advance.

Rodney




* Re: Not sending AVC denials to audit.log
  2013-04-17 14:16 Not sending AVC denials to audit.log Rodney Simioni
@ 2013-04-17 14:50 ` Ted Toth
  2013-04-17 16:54 ` Dominick Grift
  1 sibling, 0 replies; 4+ messages in thread
From: Ted Toth @ 2013-04-17 14:50 UTC (permalink / raw)
  To: Rodney Simioni; +Cc: SELinux

You might try 'semanage -DB' to disable all of the dontaudits. Run
'semanage -B' to re-enable dontaudits.


On Wed, Apr 17, 2013 at 9:16 AM, Rodney Simioni <rodney.simioni@verio.net> wrote:

> Hi,
>
> I have a few development tests that are failing when I put the server in
> ‘enforcing’ mode; however, it’s not sending AVC denials to the audit.log.
>
> I have also used ‘semanage dontaudit’ in both on and off position and it’s
> not generating denials. When I put the server in ‘permissive mode’, the
> tests do not fail.
>
> Why isn’t selinux sending the denials to the audit.log when the tests
> fail? How do I go about finding the culprit(s) that is/are failing my
> tests? Thanks in advance.
>
> Rodney


* Re: Not sending AVC denials to audit.log
  2013-04-17 14:16 Not sending AVC denials to audit.log Rodney Simioni
  2013-04-17 14:50 ` Ted Toth
@ 2013-04-17 16:54 ` Dominick Grift
  2013-04-17 17:59   ` Daniel J Walsh
  1 sibling, 1 reply; 4+ messages in thread
From: Dominick Grift @ 2013-04-17 16:54 UTC (permalink / raw)
  To: Rodney Simioni; +Cc: selinux

On Wed, 2013-04-17 at 10:16 -0400, Rodney Simioni wrote:
> Hi,
>
> I have a few development tests that are failing when I put the server
> in ‘enforcing’ mode; however, it’s not sending AVC denials to the
> audit.log.

Is auditd running?



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: Not sending AVC denials to audit.log
  2013-04-17 16:54 ` Dominick Grift
@ 2013-04-17 17:59   ` Daniel J Walsh
  0 siblings, 0 replies; 4+ messages in thread
From: Daniel J Walsh @ 2013-04-17 17:59 UTC (permalink / raw)
  To: Dominick Grift; +Cc: Rodney Simioni, selinux

On 04/17/2013 12:54 PM, Dominick Grift wrote:
> On Wed, 2013-04-17 at 10:16 -0400, Rodney Simioni wrote:
>> Hi,
>>
>> I have a few development tests that are failing when I put the server in
>> ‘enforcing’ mode; however, it’s not sending AVC denials to the
>> audit.log.
>
> Is auditd running?

If auditd is not running, AVC messages go to /var/log/messages.




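The triage the replies above point to, as an added example that is not part of the thread: choose the log according to whether auditd is running, then summarize AVC denials from either log format. The function names are hypothetical, the audit.log path is the assumed auditd default, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample lines are constructed.

# Pick the log to search: audit.log while auditd runs, otherwise syslog.
avc_log_path() {
    if pgrep -x auditd >/dev/null 2>&1; then
        echo /var/log/audit/audit.log   # assumed default auditd location
    else
        echo /var/log/messages
    fi
}

# Summarize "avc: denied" records read from stdin, in either log format.
# Output per line: count comm source_type -> target_type class {perms}
summarize_avc() {
    awk '
    /avc:[ ]+denied/ {
        comm = src = tgt = cls = "?"; perms = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perms = perms (perms == "" ? "" : ",") $j
            } else if ($i ~ /^comm=/) {
                comm = substr($i, 6); gsub(/"/, "", comm)
            } else if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        n[comm " " src " -> " tgt " " cls " {" perms "}"]++
    }
    END { for (k in n) print n[k], k }' | sort
}

# Constructed sample: one audit.log record, two syslog records, one unrelated line.
sample_logs() {
    cat <<'EOF'
type=AVC msg=audit(1366208160.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev=dm-0 ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
Apr 17 10:16:01 host kernel: type=1400 audit(1366208161.200:457): avc:  denied  { read } for  pid=1240 comm="httpd" name="index.html" dev=dm-0 ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
Apr 17 10:16:02 host kernel: type=1400 audit(1366208162.300:458): avc:  denied  { name_connect } for  pid=1250 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
Apr 17 10:16:03 host sshd[99]: Accepted publickey for dev from 192.0.2.10
EOF
}

echo "log to search: $(avc_log_path)"
sample_logs | summarize_avc
```

On a real host, feed the chosen file to the summarizer with `summarize_avc < "$(avc_log_path)"`; reading either log normally requires root.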