Ignoring permissions we don't need

After repeated testing, we will have a policy that works, even though denials might still show up in the audit logs. In order not to alarm any administrator, we might want to disable auditing of those specific denials (while, of course, ensuring that critical access vectors are still logged by the audit daemon).

How to do it…

In order to disable logging of certain denials that do not influence an application's behavior, trigger the denial and then register the dontaudit statements as explained in the following steps:

For each denial shown in the audit logs, we need to find the corresponding dontaudit rule set. Consider the following instance:
```
type=AVC msg=audit(1398936489.877:2464): avc: denied { search } for pid=8241 ...
```

Get SELinux Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

SELinux Cookbook by Sven Vermeulen

Ignoring permissions we don't need

How to do it…

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly