CentOS 6.4. I'm getting those annoying avc granted's in connection with matlab, still (again?). I see in audit.log it saying "allowed". Would dontaudit shut that up? The one doc I've found seemed to suggest it would silently deny, but said nothing about silently allow.
mark
On 06/11/2013 01:40 AM, m.roth@5-cent.us wrote:
CentOS 6.4. I'm getting those annoying avc granted's in connection with matlab, still (again?). I see in audit.log it saying "allowed". Would dontaudit shut that up? The one doc I've found seemed to suggest it would silently deny, but said nothing about silently allow.
mark
Mark,
The 'dontaudit' policy rules are for those *denials* that need not be logged.
In the current case, what you are seeing is the effect of 'auditallow' policy rules, which specify that when certain accesses are allowed, due to the existence of corresponding 'allow' rules, log that the access was granted. The 'auditallow' policy rules by themselves do not grant the access, they only log when the access is granted.
You can see the existing 'auditallow' rules in the policy by running:
sesearch --auditallow
These special rules are put in place so that certain *major* access allows are logged, especially accesses that would have serious security implications.
It is recommended not to remove the existing 'auditallow' policy rules. However, if you need to remove them, I believe that you would have to remove them from the base policy source, and recompile the base policy.
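An added example, not part of the thread: a small Python script that separates "granted" from "denied" AVC records in audit.log text and builds a narrowed `sesearch --auditallow` query for each granted tuple, so the rule responsible for the log noise can be identified. The sample records (including the types, the `execmem` permission and the `comm` values) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample audit.log records (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1370911200.101:501): avc:  granted  { execmem } for  pid=4242 comm="MATLAB" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1370911201.202:502): avc:  granted  { execmem } for  pid=4243 comm="MATLAB" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1370911300.303:503): avc:  denied  { read } for  pid=5000 comm="httpd" name="secret" dev=dm-0 ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1370911300.303:503): arch=c000003e syscall=2 success=no exit=-13
"""

# "granted" records come from auditallow rules; "denied" records are the
# only ones a dontaudit rule can silence.
AVC_RE = re.compile(
    r"avc:\s+(?P<result>granted|denied)\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def se_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def summarize(log_text):
    """Count AVC records per (result, source type, target type, class, perm)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m is None:
            continue  # not an AVC record (e.g. SYSCALL)
        for perm in m.group("perms").split():
            key = (m.group("result"), se_type(m.group("scon")),
                   se_type(m.group("tcon")), m.group("tclass"), perm)
            counts[key] += 1
    return counts

def sesearch_commands(counts):
    """Build one narrowed sesearch query per distinct granted tuple."""
    return [
        f"sesearch --auditallow -s {src} -t {tgt} -c {cls} -p {perm}"
        for (result, src, tgt, cls, perm) in sorted(counts)
        if result == "granted"
    ]

if __name__ == "__main__":
    totals = summarize(SAMPLE_LOG)
    for key, n in sorted(totals.items()):
        print(n, *key)
    print("\n".join(sesearch_commands(totals)))
```
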