> >All of those rules look fine for audit  package > 1.3 and 
> > kernel probably > 2.6.21. But those rules are not default
> > and would have taken some research  to come up with
> > since I know of no public examples of auditing by selinux
> > context.
> 
> So what should line 15 look like today?

There is no line 15. The default audit rules are simply 14 lines ending with feel free to add rules below this. And that is where all your problems are. The audit by obj_type would have a very esoteric use and would encode knowledge of a specific selinux policy, so its not something I'd ever ship by default - even in sample rules.


-Steve


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list