Re: How do I figure out on what file dac_override is attempted?

Stephen Smalley: > To get object information, you need to enable > syscall auditing, and add a trivial syscall filter to turn on pathname > collection by the audit subsystem. Thanks for that tip (all of you who gave it)! I now know it is /dev/fb that plymouthd can't access. The audit record also told me it was owned by a regular user and mode rw-------. So now it makes sense. A root process would need dac_override to open that file.