Questions about audit and selinux
by 真無趣阿 from LinuxQuestions.org on (#51493)
Recently wanted to keep log on auditd via logrotate
But seliunx keeps blocking
It is also invalid to follow the action recommended by selinux
The action is as follows
ausearch -c 'logrotate' --raw | audit2allow -M logrotate
semodule -i logrotate.pp
But the result is still invalid
How can I do this without closing selinux?
The second question is I checked on the Internet, change the `selinux` label to `var_t`. But what I want to ask is how do I know he is the tag I want to change `var_t` Instead of other tags I still can't tell if I have `audit2allow` and `semanage boolen`
But seliunx keeps blocking
It is also invalid to follow the action recommended by selinux
The action is as follows
ausearch -c 'logrotate' --raw | audit2allow -M logrotate
semodule -i logrotate.pp
But the result is still invalid
How can I do this without closing selinux?
The second question is I checked on the Internet, change the `selinux` label to `var_t`. But what I want to ask is how do I know he is the tag I want to change `var_t` Instead of other tags I still can't tell if I have `audit2allow` and `semanage boolen`