[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: wish-list item for selinux policy analyss
On Thu, 2005-06-30 at 03:05 -0400, Ivan Gyurdiev wrote:
> I don't understand why you need an internal kernel
> change to do what you like, however - what's wrong with working
> on top of the audit log? Just comment out all the rules you're
> interested in, and look for denials?
Or just add auditallow rules and let it audit all grantings for a while,
then reduce your rule set accordingly.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
This mailing list archive is a service of Copilot Consulting.