Questions about audit and selinux
Recently wanted to keep log on auditd via logrotate
But seliunx keeps blocking
It is also invalid to follow the action recommended by selinux
The action is as follows
ausearch -c 'logrotate' --raw | audit2allow -M logrotate
semodule -i logrotate.pp
But the result is still invalid
How can I do this without closing selinux?
The second question is I checked on the Internet, change the `selinux` label to `var_t`. But what I want to ask is how do I know he is the tag I want to change `var_t` Instead of other tags I still can't tell if I have `audit2allow` and `semanage boolen`
|