
List:       selinux
Subject:    Re: Permissive mode for xace is broken.
From:       Steve Grubb <sgrubb () redhat ! com>
Date:       2008-02-28 21:17:16
Message-ID: 200802281617.17223.sgrubb () redhat ! com

On Thursday 28 February 2008 13:51:05 Stephen Smalley wrote:
> On Thu, 2008-02-28 at 13:48 -0500, Eamon Walsh wrote:
> > Stephen Smalley wrote:
> > > On Mon, 2008-02-25 at 20:12 -0500, Eamon Walsh wrote:
> > >> Eamon Walsh wrote:
> > >>> The X object manager logs all avc's and status messages (including
> > >>> the AVC netlink stuff) through the audit system using libaudit calls
> > >>> (audit_log_user_avc_message, etc.)

Please tell me they have different record types. Also do you have any samples 
that we can look over to make sure they conform?


> > > Can you verify that the X server was able to create the audit socket
> > > successfully?
> >
> > Yes, because when I actually installed the audit package, things started
> > appearing in /var/log/audit/audit.log.  I did not have the audit package
> > installed.  Why isn't it redirecting to /var/log/messages in this case?

It should be if you have audit enabled. Perhaps you didn't boot with audit=1?

-Steve
