On Wednesday 18 February 2009 12:16:14 pm Dan Gruhn wrote:
I'm getting an auditctl startup SELinux violation that is showing
up
with a user ID of -1 (4294967295 in my case).
-1 means that the command was run by something that was not initiated by a
login. IOW, probably initscripts.
I can fix the violation, but before I do I thought I saw something a
while
back about setting a parameter or defining a variable on power-up so that
one didn't get the -1 for something that came up in the wrong order.
There is nothing that fixes that. This is just a statement of fact. The error
originated from a non-login path. What you might be remembering is that you
should put a audit=1 in the boot params of the kernel. This is so that you
don't have any unauditable processes.
-Steve