Re: audit 1.2.2 released
On Tuesday 16 May 2006 11:53, Linda Knippers wrote:
His transcript was when running in permissive mode so won't you
only get
the avc deny once?
If its in permissive, you shouldn't get any failure that results in EPERM from
SE Linux. But on second look, this AVC has a success=yes, so maybe not the
smoking gun. If there was a corresponding AVC with success=no, then that
would be notable.
AFAICT, there are 2 places where an access decision is made, audit_netlink_ok
in kernel/audit.c. And the other place is selinux_nlmsg_lookup in
security/selinux/nlmsgtab.c. I think you'd want to patch your kernel to
printk its access decision results in both of those functions. That should
tell us something about what's going on.
-Steve