From: Hung Truong <hung.truong@tridsys.com>
To: Daniel J Walsh <dwalsh@redhat.com>
Cc: refpolicy@oss1.tresys.com, selinux@tycho.nsa.gov
Subject: RE: Turn off "dontaudit" rules in monolithic policy
Date: Tue, 22 Jan 2013 11:54:18 -0500 [thread overview]
Message-ID: <5d39ee58920a6a7a54682d2c584f05cf@mail.gmail.com> (raw)
In-Reply-To: <50FEAEE1.9000002@redhat.com>
This works!!! BTW, there was a typo. The command should be:
make enableaudit
I really appreciate your help.
Hung Truong | Trident Systems Incorporated
Sr. Embedded Engineer, Software System Engineering Group
10201 Fairfax Boulevard | Suite 300 | Fairfax, VA 22030
d: 703.267.6746 | f: 703.273.6608
e: hung.truong@tridsys.com | www.tridsys.com
Notice: The information contained in this email message is considered
confidential and proprietary to the sender and is intended solely for review
and use by the named recipient. Any unauthorized review, use or
distribution is strictly prohibited. If you have received this message in
error, please advise the sender by reply email and delete the message.
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: Tuesday, January 22, 2013 10:23 AM
To: Hung Truong
Subject: Re: Turn off "dontaudit" rules in monolithic policy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/22/2013 10:14 AM, Hung Truong wrote:
> Could you tell me how to compile a policy without dontaudit rules?
> Thanks.
>
make enabelaudit
I believe.
>
> Hung Truong | Trident Systems Incorporated Sr. Embedded Engineer,
> Software System Engineering Group 10201 Fairfax Boulevard | Suite 300
> | Fairfax, VA
> 22030 d: 703.267.6746 | f: 703.273.6608 e: hung.truong@tridsys.com |
> www.tridsys.com
>
>
>
> Notice: The information contained in this email message is considered
> confidential and proprietary to the sender and is intended solely for
> review and use by the named recipient. Any unauthorized review, use
> or distribution is strictly prohibited. If you have received this
> message in error, please advise the sender by reply email and delete the
> message.
>
>
> -----Original Message----- From: Daniel J Walsh
> [mailto:dwalsh@redhat.com]
> Sent: Tuesday, January 22, 2013 10:11 AM To: Hung Truong Cc: Vu,
> Joseph; SELinux Subject: Re: Turn off "dontaudit" rules in monolithic
> policy
>
>
>
> On 01/22/2013 09:31 AM, Hung Truong wrote:
>> I am using version 3.7.19-155el6.6.
>
>
>
>> *From:*Vu, Joseph [mailto:joseph.vu@boeing.com
>> <mailto:joseph.vu@boeing.com>] *Sent:* Tuesday, January 22, 2013 9:19
>> AM
>> *To:* Hung Truong; SELinux *Subject:* RE: Turn off "dontaudit" rules
>> in monolithic policy
>
>
>
>> Hung,
>
>
>
>> I have been trying to rebuild monolithic policy and was not able to.
>
>> What version of SELinux Policy and RHT are you using?
>
>
>
>> ---------------------------------------------------------------------
>> -
>> ----------
>
>> *From:*owner-selinux@tycho.nsa.gov
>> <mailto:owner-selinux@tycho.nsa.gov>
>> [mailto:owner-selinux@tycho.nsa.gov] *On Behalf Of *Hung Truong
>> *Sent:* Monday, January 21, 2013 11:25 AM *To:* SELinux *Subject:*
>> Turn off "dontaudit" rules in monolithic policy
>
>
>
>> I have a custom monolithic build based on RHEL6 policy. I get this
>> error when try to turn off dontaudit rules:
>
>> $ semodule -DB
>
>
>> libsemanage.semanage_link_sandbox: Could not access sandbox base file
>> /etc/selinux/targeted/modules/bmp/base.pp. (No such file or
>> directory)
>
>> Is there other way to turn off dontaudit rules in a monilithic policy?
>
>
>
>> Many thanks,
>
>> --Hung Truong
>
> Why not compile two policies one with and one without dontaudit rules?
>
> -- This message was distributed to subscribers of the selinux mailing
> list. If you no longer wish to subscribe, send mail to
> majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without
> quotes as the message.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlD+ruEACgkQrlYvE4MpobPNkACggndNE6JYVYFJIWRJ4UAjHEIw
WnQAn1iAHwPv3UtoiTt3MOSYOgnLtGOv
=/+7i
-----END PGP SIGNATURE-----
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2013-01-22 16:54 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-21 17:25 Turn off "dontaudit" rules in monolithic policy Hung Truong
2013-01-22 14:19 ` Vu, Joseph
2013-01-22 14:31 ` Hung Truong
2013-01-22 15:10 ` Daniel J Walsh
2013-01-22 15:14 ` Hung Truong
[not found] ` <50FEAEE1.9000002@redhat.com>
2013-01-22 16:54 ` Hung Truong [this message]
2013-01-22 18:02 ` Christopher J. PeBenito
2013-01-22 18:12 ` Hung Truong
2013-01-22 18:20 ` Christopher J. PeBenito
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5d39ee58920a6a7a54682d2c584f05cf@mail.gmail.com \
--to=hung.truong@tridsys.com \
--cc=dwalsh@redhat.com \
--cc=refpolicy@oss1.tresys.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.