Stephen Smalley <[EMAIL PROTECTED]> wrote on 09/28/2006 06:34:43 AM: > On Wed, 2006-09-27 at 14:26 -0700, Debora Velarde wrote: > > When in enforcing mode, I am only able to audit files in selinuxfs by > > inode, not by path. I am running as auditadm_r. > > > > /* Try adding audit rule with -F path */ > > # auditctl -a exit,always -S open -F path=/selinux/enforce > > Error sending add rule request (Permission denied) > > What avc denial do you get? I suspect this just means the policy should > be changed to allow e.g. search on security_t:dir for auditctl.
I don't see any AVC messages when I try to add this rule. The only new record I see is: type=CONFIG_CHANGE msg=audit(1159461436.758:1016): auid=500 subj=staff_u:auditadm_r:auditctl_t:s0-s15:c0.c255 add rule key=(null) list=4 res=0 But no rule was added: # auditctl -l No rules -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
