FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 04-21-2010, 06:36 AM
Robert Nichols
 
Default Any log entries from semodule???

Does the loading and removing of modules by semodule get logged
anywhere? Apparently not. That would seem to be pretty important
information.

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 04-21-2010, 09:24 AM
Dominick Grift
 
Default Any log entries from semodule???

On Wed, Apr 21, 2010 at 01:36:13AM -0500, Robert Nichols wrote:
> Does the loading and removing of modules by semodule get logged
> anywhere? Apparently not. That would seem to be pretty important

/var/log/messages displays when policy is loaded. It does not display why (e.g. maybe because a particular module was disabled or removed)

It may or may not be a good idea to mention that somewhere though.

> information.
>
> --
> Bob Nichols "NOSPAM" is really part of my email address.
> Do NOT delete it.
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 04-21-2010, 02:41 PM
Robert Nichols
 
Default Any log entries from semodule???

On 04/21/2010 04:24 AM, Dominick Grift wrote:
> On Wed, Apr 21, 2010 at 01:36:13AM -0500, Robert Nichols wrote:
>> Does the loading and removing of modules by semodule get logged
>> anywhere? Apparently not. That would seem to be pretty important
>
> /var/log/messages displays when policy is loaded. It does not display why (e.g. maybe because a particular module was disabled or removed)
>
> It may or may not be a good idea to mention that somewhere though.

When I've been installing and removing local modules trying to fix a
problem, it would be extremely useful to be able to tell what modules
were in place at the time a particular AVC was logged. Without that
information it is sometimes hard to tell what, if anything, got fixed
by what module.

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 04-21-2010, 02:46 PM
Daniel J Walsh
 
Default Any log entries from semodule???

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/21/2010 10:41 AM, Robert Nichols wrote:
> On 04/21/2010 04:24 AM, Dominick Grift wrote:
>> On Wed, Apr 21, 2010 at 01:36:13AM -0500, Robert Nichols wrote:
>>> Does the loading and removing of modules by semodule get logged
>>> anywhere? Apparently not. That would seem to be pretty important
>>
>> /var/log/messages displays when policy is loaded. It does not display why (e.g. maybe because a particular module was disabled or removed)
>>
>> It may or may not be a good idea to mention that somewhere though.
>
> When I've been installing and removing local modules trying to fix a
> problem, it would be extremely useful to be able to tell what modules
> were in place at the time a particular AVC was logged. Without that
> information it is sometimes hard to tell what, if anything, got fixed
> by what module.
>
So you want the Module name and version recorded in syslog?

Everytime selinux-policy gets installed there would be 220 modules
installed, giving you 220 log lines. If you installed multiple selinux
policies (mls, minimum, targeted) Each one would put a hell of a lot of
lines in the log file.)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvPD+EACgkQrlYvE4MpobPTBwCghwkqMt/rAlZh8eSokM+vjWS/
m44An1wvJEruuIIgmRNzmtA4ZfKiRX9w
=M8X7
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 04-21-2010, 04:05 PM
Robert Nichols
 
Default Any log entries from semodule???

On 04/21/2010 09:46 AM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 04/21/2010 10:41 AM, Robert Nichols wrote:
>> On 04/21/2010 04:24 AM, Dominick Grift wrote:
>>> On Wed, Apr 21, 2010 at 01:36:13AM -0500, Robert Nichols wrote:
>>>> Does the loading and removing of modules by semodule get logged
>>>> anywhere? Apparently not. That would seem to be pretty important
>>>
>>> /var/log/messages displays when policy is loaded. It does not display why (e.g. maybe because a particular module was disabled or removed)
>>>
>>> It may or may not be a good idea to mention that somewhere though.
>>
>> When I've been installing and removing local modules trying to fix a
>> problem, it would be extremely useful to be able to tell what modules
>> were in place at the time a particular AVC was logged. Without that
>> information it is sometimes hard to tell what, if anything, got fixed
>> by what module.
>>
> So you want the Module name and version recorded in syslog?
>
> Everytime selinux-policy gets installed there would be 220 modules
> installed, giving you 220 log lines. If you installed multiple selinux
> policies (mls, minimum, targeted) Each one would put a hell of a lot of
> lines in the log file.)

No, but when I run commands that insert or remove modules into/from the
policy, I would like _that_ to be recorded, unless of course you can
tell me some other way of finding out what version of rootprocmail1.pp
was active at 3:48 PM yesterday.

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 06:46 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org