Would it be a reasonable suggestion for an enhancement to give full paths? I've been looking at AVCs and the o/p from sealert for days trying to figure out the path for various apparently temporary files ./<blah.blah> with a label of default_t.
Of course, once I find it, then I have to figure out what to do with it, whether I need to set the context on the directories they're being created in, or if that has to do with the special perl that's in a very nonstandard path that's running the .cgi that's creating them (and yes, I'm told it all does have to be there), so pointers to any threads or docs on that would be appreciated.
mark
On 10/18/2010 09:52 AM, m.roth@5-cent.us wrote:
> Would it be a reasonable suggestion for an enhancement to give full paths? I've been looking at AVCs and the o/p from sealert for days trying to figure out the path for various apparently temporary files ./<blah.blah> with a label of default_t.
> Of course, once I find it, then I have to figure out what to do with it, whether I need to set the context on the directories they're being created in, or if that has to do with the special perl that's in a very nonstandard path that's running the .cgi that's creating them (and yes, I'm told it all does have to be there), so pointers to any threads or docs on that would be appreciated.
> mark
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
You can get full paths by turning on full auditing.
Add the following line to the end of /etc/audit/audit.rules
-w /etc/shadow -p w
Then restart auditd.
service auditd restart
This will turn on full auditing in the kernel, and should return full paths when an AVC happens. There is a performance hit that you probably will not notice, but some CPU bound loads would. We leave this disabled by default for this reason.
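An added example, not part of the original messages: once full auditing is on, the records for one denial share an audit event id, so the relative name in the AVC can be joined with the CWD and PATH records of the same event. The sample log lines, paths and the function names `decode` and `resolve_avc_paths` are constructed for illustration; the code assumes the usual `type=... msg=audit(time:serial):` layout of /var/log/audit/audit.log.

```python
import os
import re
from collections import defaultdict

# Constructed sample records (not from the thread); paths and ids are made up.
SAMPLE_LOG = '''\
type=AVC msg=audit(1287410000.123:456): avc:  denied  { write } for  pid=1234 comm="perl" name="tmp.abc" dev=dm-0 ino=12345 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1287410000.123:456): arch=c000003e syscall=2 success=no exit=-13 pid=1234 comm="perl" exe="/opt/example/bin/perl"
type=CWD msg=audit(1287410000.123:456):  cwd="/srv/example/work"
type=PATH msg=audit(1287410000.123:456): item=0 name="./tmp.abc" inode=12345 dev=fd:00 mode=0100644
type=AVC msg=audit(1287410001.500:457): avc:  denied  { read } for  pid=1300 comm="perl" name="old.dat" dev=dm-0 ino=777 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
'''

EVENT_RE = re.compile(r'^type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """Quoted values are literal; auditd hex-encodes names with unsafe characters."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode('utf-8', 'replace')
    except ValueError:
        return value  # e.g. (null)

def resolve_avc_paths(log_text):
    """Group records by audit event id; return one dict per AVC denial."""
    events = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            rtype, event_id, body = m.groups()
            events[event_id][rtype].append(dict(FIELD_RE.findall(body)))
    results = []
    for event_id, recs in events.items():
        for avc in recs.get('AVC', []):
            # CWD and PATH only exist when syscall auditing was active.
            cwd = decode(recs['CWD'][0]['cwd']) if recs.get('CWD') else None
            paths = [decode(p['name']) for p in recs.get('PATH', []) if 'name' in p]
            full = [os.path.normpath(os.path.join(cwd or '', p)) for p in paths]
            results.append({'event': event_id,
                            'comm': decode(avc.get('comm', '""')),
                            'tcontext': avc.get('tcontext'),
                            'paths': full if cwd else paths})
    return results

if __name__ == '__main__':
    for denial in resolve_avc_paths(SAMPLE_LOG):
        print(denial)
```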