On Fri, 2006-07-28 at 10:48 +0100, Paul Howarth wrote: > Deepak Shrestha wrote: > >> Look in /var/log/messages, or if you're running the audit daemon > >> (default on in FC4), /var/log/audit/audit.log, for lines containing > >> "type=AVC". > >> > >> Paul. > >> > > > > I don't have audit directory or audit.log but issuing > > # cat /var/log/messages | grep AVC > > > > gives me blank result > > It's possible that any messages may have been rotated out. Try: > > $ fgrep type=AVC /var/log/messages* > > If there's nothing there then it's likely that your issue was not > SELinux-related. I think the type=AVC prefixes are only added if running auditd (in which case you'd be checking /var/log/audit/audit.log*). Otherwise, you'd just get the raw audit message from the kernel in /var/log/messages. The safest thing is to just look for "avc:"; that will be present regardless. -- Stephen Smalley National Security Agency
