Writing SELinux Policy


mcelroyj
10th January 2005, 07:27 PM
I've recently become more and more annoyed with SELinux consistently barfing audit messages during the boot process and into my dmesg logs. It's set to run in permissive mode, which I know produces many more audit messages than enforcing would.

However, I would like to find a permanent solution to this. I have the targeted policy and sources installed, and would really like to be able to add rules to selinux so that users, daemons, and programs have access to the proper resources.

Thus far, I haven't been able to find any good resources/tutorials on how to turn something like:


audit(1105292918.856:0): avc: denied { execute } for pid=732
path=/lib/tls/libc-2.3.4.so dev=sdb7 ino=2621453
scontext=user_u:system_r:syslogd_t tcontext=root:object_r:lib_t tclass=file


into an actual SELinux policy rule.

Are there any good tutorials on this process?

Thanks,

jeremiah

LeAkEd
11th January 2005, 03:32 AM
Here's a sample from O'Reilly that explains the process of adding permissions:

http://www.linuxdevcenter.com/pub/a/linux/excerpt/selnx_1/index.html

macemoneta
11th January 2005, 03:55 AM

You can use the audit2allow command:

audit2allow -i /var/log/messages -l

You can also place the avc denied messages you want into a text file and point the command there. For example:

audit2allow -i test.txt -l

The command will display the SELinux policy statements (that you can apply to "/etc/selinux/targeted/src/policy/domains/misc/local.te") that will allow the functions that are being denied. Take a look at this section of the Apache SELinux FAQ (http://fedora.redhat.com/docs/selinux-apache-fc3/sn-debugging-and-customizing.html) for a good example of the process.
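
As an added illustration of what audit2allow does with the denial quoted in the first post (this is example code, not from any poster or from the audit2allow tool itself): it parses `avc: denied` lines, merges the permissions per (source type, target type, object class), and prints one allow rule per triple in the form you would paste into local.te. The first log line is the one from the original question; the other three are constructed here, including a "granted" line to show it is ignored.

```python
import re
from collections import defaultdict

# Constructed sample log (first line is the denial from the original post,
# the rest are made up for this example), in the audit(...) format that
# FC3-era SELinux wrote to dmesg and /var/log/messages.
SAMPLE_LOG = """\
audit(1105292918.856:0): avc: denied { execute } for pid=732 path=/lib/tls/libc-2.3.4.so dev=sdb7 ino=2621453 scontext=user_u:system_r:syslogd_t tcontext=root:object_r:lib_t tclass=file
audit(1105292918.857:0): avc: denied { read } for pid=732 path=/lib/tls/libc-2.3.4.so dev=sdb7 ino=2621453 scontext=user_u:system_r:syslogd_t tcontext=root:object_r:lib_t tclass=file
audit(1105292920.101:0): avc: denied { name_bind } for pid=801 src=514 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:port_t tclass=udp_socket
Jan 10 13:28:38 host kernel: audit(1105292918.900:0): avc: granted { read } for pid=1 scontext=system_u:system_r:init_t tcontext=system_u:object_r:etc_t tclass=file
"""

# Only "denied" records become rules; "granted" records are skipped on purpose.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)


def type_of(context):
    """Return the type (third colon-separated field) of a user:role:type context."""
    return context.split(":")[2]


def parse_denials(text):
    """Yield (source_type, target_type, tclass, {perms}) for every denial line."""
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        yield (type_of(m["scontext"]), type_of(m["tcontext"]),
               m["tclass"], set(m["perms"].split()))


def denials_to_rules(text):
    """Merge denials that share (source, target, class) into one allow rule each,
    as audit2allow does, and return the policy statements as sorted strings."""
    merged = defaultdict(set)
    for src, tgt, cls, perms in parse_denials(text):
        merged[(src, tgt, cls)] |= perms
    return [f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
            for (src, tgt, cls), perms in sorted(merged.items())]


if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_LOG):
        print(rule)
```

Because permissive mode logs every denial a process would have hit, the merged rules are an upper bound on what the daemon actually needs; read each one before adding it to local.te rather than pasting the whole output.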

raj_cet04
17th January 2005, 09:48 AM
echo 0 > /selinux/enforce

then do the work; after that, put 1 back in /selinux/enforce with:
echo 1 > /selinux/enforce