On Wednesday 23 July 2008 18:30:45 LC Bruzenak wrote:
> 2: why is ausearch producing the AVCs?
Low level is the minimum access needed to read files created by that
user. If the low level of a process is lower than the file's, it's
not permitted.
type=AVC msg=audit(07/23/2008 17:18:44.292:1622) : avc: denied
{ read } for pid=4033 comm=ausearch name=audit.log dev=dm-0 ino=24698
scontext=root:staff_r:staff_t:s0-s15:c0.c1023
tcontext=system_u:object_r:auditd_log_t:s15:c0.c1023 tclass=file
In the message, the level of audit.log is s15:c0.c1023, while the current
process is s0. So the process can't read audit.log and AVCs are produced.
Regards
Cai Xianchao
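
The level comparison described in the reply above, as an added example that is not part of the original message: it parses the quoted AVC record and checks whether the process's low level dominates the file's level. The function names are hypothetical, and the check models only MLS dominance (sensitivity plus category set), not type enforcement or any policy-specific constraint exceptions.

```python
import re

# The AVC record from the message above, joined onto one line.
AVC = ("type=AVC msg=audit(07/23/2008 17:18:44.292:1622) : avc: denied "
       "{ read } for pid=4033 comm=ausearch name=audit.log dev=dm-0 ino=24698 "
       "scontext=root:staff_r:staff_t:s0-s15:c0.c1023 "
       "tcontext=system_u:object_r:auditd_log_t:s15:c0.c1023 tclass=file")

def parse_level(level):
    """'s15:c0.c1023' -> (15, {0..1023}); 's0' -> (0, set())."""
    sens, _, cats = level.partition(":")
    categories = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")  # 'c0.c1023' is a range, 'c5' a single
        start = int(lo[1:])
        end = int(hi[1:]) if hi else start
        categories.update(range(start, end + 1))
    return int(sens[1:]), categories

def low_level(context):
    """Low (effective) level of a user:role:type:low[-high] context."""
    mls_range = context.split(":", 3)[3]
    return parse_level(mls_range.split("-", 1)[0])

def dominates(a, b):
    """a dominates b: sensitivity is >= and a's categories include b's."""
    return a[0] >= b[0] and a[1] >= b[1]

def explain(record):
    """Summarise why an AVC read denial follows from the MLS levels."""
    fields = dict(re.findall(r"(\w+)=(\S+)", record))
    src = low_level(fields["scontext"])
    tgt = low_level(fields["tcontext"])
    return {
        "comm": fields["comm"],
        "source_low": src[0],
        "target_low": tgt[0],
        "missing_categories": len(tgt[1] - src[1]),
        "read_allowed_by_mls": dominates(src, tgt),
    }

if __name__ == "__main__":
    print(explain(AVC))
```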