Steve Grubb wrote:
On Thursday 13 July 2006 17:03, Michael C Thompson wrote:
> In doing some tests, I've noticed that the USER_ROLE_CHANGE audit record
> is associated with both newrole, and semanage user -[ad].
semanage should also be using these:
#define AUDIT_ROLE_ASSIGN 2301 /* Admin assigned user to role */
#define AUDIT_ROLE_REMOVE 2302 /* Admin removed user from role */
USER_ROLE_CHANGE should only be used when newrole is used. If semanage needs
more record types let me know.
-Steve
Hey Steve,
I do not believe these messages are implemented, or at least are not
properly used, in semanage. Doing semanage user changes or semanage
login changes only result in USER_ROLE_CHANGE messages.
'semanage user -d deleteme_u' yeilds:
type=USER_ROLE_CHANGE msg=audit(1153152594.356:685): user pid=10862
uid=0 auid=0 subj=root:staff_r:staff_t:s0-s15:c0.c255 msg='op=delete
SELinux user record acct=deleteme_u old-seuser=? old-role=? old-range=?
new-seuser=? new-role=? new-range=? exe=/usr/sbin/semanage (hostname=?,
addr=?, terminal=pts/2 res=success)'
This is seen with policycoreutils-1.30.17-2.
Thanks,
Mike