received via email:

Eric Paris wrote:
> http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/sec-sel-building-policy-module.html
>
> Not sure if you wrote this, can fix this, or know who did/can but I was
> given your name as a place to start.
>
> in 45.2.1 we use the line:
> [root@host2a ~]# grep setsebool /var/log/audit/audit.log | audit2allow -M mysemanage
>
> but there is no promise that in the future the audit subsystem will be
> all text data so grep is a poor choice of tools. Binary data in the
> audit log might happen, so users should be trained to use the audit
> tools to interact with the audit log. A better example would be
>
> ausearch -m AVC --comm setsebool | audit2allow -M mysemanage
>
> I'm also not sure how to fix it, because it seemed obvious to me, but
> someone in GSS had trouble following the example because they thought
> that 'setsebool' was what they would type in there every time there was
> an selinux denial they wanted to fix. They didn't realize setsebool was
> only relevant to the example in the doc.
>
> Maybe expand that example to indicate that ausearch -m AVC will give all
> denial messages and things like --comm can be used to limit the output
> to only programs with a given name. In this specific example we know
> that setsebool is causing denials so we use --comm setsebool to limit
> the output to only setsebool denials.
>
> -Eric
>

Hi Don,

I think this falls into your domain now. Can you look into this?

cheers
--
David O'Brien <daobrien>
RHCT
Red Hat is #1 in value. Again.
http://apac.redhat.com/promo/vendor/
corrected in source, replaced grep-based command with quoted "ausearch" command.

****
[ddomingo@woo en-US]$ svn commit -m"BZ#427704, grep-based command changed to ausearch" SELinux_Policy_Customizing.xml
Sending        SELinux_Policy_Customizing.xml
Transmitting file data .
Committed revision 922.
****

will push to live soon. setting bug as MODIFIED.