-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/18/2010 11:11 PM, Paul Ward wrote:
Hi Daniel,
Thanks for your reply, looks like that may be what I need. :)
I assume again this wont upset teh running of the machine when this is performed?
Also is theis change persisteant after reboots?
Is there a way for making a new policy to allow the required actions instead of removing the dontaudit all together?
many thanks
Yes, You can add the new rules using audit2allow
grep AVC /var/log/audit/audit.log | audit2allow -M mypol semodule -i mypol.pp
Will add the rules.
semodule -B
Will turn back on the dontaudit rules.