Description of problem: For some reason, grep consider /var/log/audit/audit.log to be a binary file, so when I run the suggested command grep sstpc /var/log/audit/audit.log | audit2allow -M mypols to fix some SELinux problem with sstp (Bug 1136569), it tells me Nothing to do One easy fix is to use grep -a to force interpreting the input as text. Additional info: I tried to locate the line of audit.log that causes the problem but strangely, it doesn't show up unless I pass a big chunk of the file to grep.
What does # grep sstpc /var/log/audit/audit.log returns you?
> # grep sstpc /var/log/audit/audit.log > Binary file /var/log/audit/audit.log matches > # Adding -a, I get the matching lines instead.
This would be an audit or kernel issue not an selinux issue.
The audit log is a text file. Grep has never been a recommended tool to use on the audit logs because it will find only one record of an event and not the whole event. The correct way to find events with sstpc is: ausearch -x sstpc --raw | audit2allow -M mypols
You could suggest to use ausearch in catchall plugin: -# grep $SOURCE /var/log/audit/audit.log | audit2allow -M mypol +# ausearch -c $SOURCE | audit2allow -M mypol Grégoire, does the following command work for you? ausearch -c sstpc | audit2allow -M mypol
Yes, ausearch works.
https://github.com/fedora-selinux/setroubleshoot/commit/f198e902d313218685d69e2b20f9ad49dfaae1a6
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions
setroubleshoot-plugins-3.3.3-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-4ebee7316b
setroubleshoot-plugins-3.3.3-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-b643f1e1df
setroubleshoot-plugins-3.3.3-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b643f1e1df
setroubleshoot-plugins-3.3.3-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-4ebee7316b
setroubleshoot-plugins-3.3.3-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
setroubleshoot-plugins-3.3.3-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.