#173 Linux 10.03.2009
Tell SELinux to NOT log only once in permissive mode

The problem is that SELinux in permissive mode logs each AVC message only once. This means that if the same violation occurs again, you don't see an additional line in the log file. This makes sense: in permissive mode violations do not stop processes from breaking the rules, so the logs would otherwise fill up endlessly. On the other hand, while you are debugging or testing your SELinux system you need all violations logged for examination.

To enable the logging flood, set the AVC cache size to zero.

    cat /selinux/avc/cache_threshold

Remember the value, should be 512.

    echo "0" > /selinux/avc/cache_threshold
    cat /selinux/avc/cache_threshold

This is intended as a temporary solution. Set it back to the old value when you are done.
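The same procedure as an added shell example (not from the original page): it saves the current threshold, sets it to 0 while a command runs, and restores the saved value when the command exits or is interrupted. The /sys/fs/selinux path (where newer kernels mount selinuxfs) and the AVC_THRESHOLD_FILE override are assumptions beyond the page.

```shell
#!/bin/sh
# Added example: run a command with the AVC cache threshold set to 0,
# then put the previous value back, even if the command fails.
# Usage (as root, after sourcing this file): with_avc_flood ./my-test.sh

# Print the path of the cache_threshold file.
# /selinux is the path used on this page; /sys/fs/selinux is an assumed
# alternative for newer kernels. AVC_THRESHOLD_FILE is a hypothetical
# override so the logic can be exercised against an ordinary file.
find_threshold_file() {
    if [ -n "${AVC_THRESHOLD_FILE:-}" ]; then
        printf '%s\n' "$AVC_THRESHOLD_FILE"
        return 0
    fi
    for f in /selinux/avc/cache_threshold /sys/fs/selinux/avc/cache_threshold; do
        if [ -e "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# with_avc_flood CMD [ARGS...]
# Returns CMD's exit status, or 2 if the threshold could not be handled.
with_avc_flood() {
    file=$(find_threshold_file) || { echo "cache_threshold not found" >&2; return 2; }
    old=$(cat "$file") || return 2
    # Refuse to continue if the saved value is not a plain number,
    # otherwise there would be nothing sensible to restore.
    case "$old" in
        ''|*[!0-9]*) echo "unexpected threshold value: $old" >&2; return 2 ;;
    esac
    (
        # Restore the saved value whenever this subshell ends.
        trap 'echo "$old" > "$file"' EXIT
        trap 'exit 130' INT TERM
        echo 0 > "$file" || exit 2
        "$@"
        exit $?
    )
}
```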