On 08/11/13 06:24, David Sommerseth wrote: > On 07. nov. 2013 04:06, Steven Haigh wrote: >> >> While this is interesting, it doesn't provide any methods for auditing >> selinux rules. > > Hi Steven, > > This can be quite hard. But I'll try to help you understand this topic > a little bit better. Unfortunately, it's not easy (for me) to make it > quick and short. > I have to say, this is one of the best run downs of SELinux that I have ever read. I've been playing with SELinux on one server for a few days in permissive mode - after manually installing the policies etc. As such, I'm not 100% sure if all labelling has been done correctly. I did force a relabel, but I was hoping there was a simple way to test things - however it doesn't seem that simple :) I'll fiddle around a bit more in the need future. -- Steven Haigh Email: [log in to unmask] Web: https://www.crc.id.au Phone: (03) 9001 6090 - 0412 935 897 Fax: (03) 8338 0299