Re: How do I figure out on what file dac_override is attempted?

On Wed, 2010-01-20 at 13:47 +0100, Göran Uddeborg wrote: > Stephen Smalley: >> To get object information, you need to enable >> syscall auditing, and add a trivial syscall filter to turn on pathname >> collection by the audit subsystem. > > Thanks for that tip (all of you who gave it)! I now know it is > /dev/fb that plymouthd can't access. The audit record also told me it > was owned by a regular user and mode rw-------. So now it makes > sense. A root process would need dac_override to open that file. That tip really ought to get captured in the Fedora SELinux FAQ or Guide. Dan?