Le mardi 29 novembre 2005 à 18:49 -0500, Daniel J Walsh a écrit :
Nicolas Mailhot wrote:
Le mardi 29 novembre 2005 à 15:01 -0500, Daniel J Walsh a écrit :
Nicolas Mailhot wrote:
The udev denial seems fixed with selinux-policy-targeted-2.0.6-1. So things get (slowly) fixed. But most issues are still there :
audit2allow < /var/log/audit/audit.log
You should do
audit2allow -l < /var/log/audit/audit.log
To only get the messages of what AVC messages you got after the last reload.
Right now my procedure is : 1. install policy 2. touch ./autorelabel 3. init 6 4. init 1 5. mv /var/log/audit/audit.log somewhere_else 6. init 6 7. do some stuff 8. audit2allow
which should be at least as strict of what you propose
Please attach the audit.log
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172496#c23
Regards,