Re: ausearch / policy question
On Fri, 2008-07-25 at 14:27 +0800, Cai Xianchao wrote:
> type=AVC msg=audit(07/23/2008 17:18:44.292:1622) : avc: denied
> { read } for pid=4033 comm=ausearch name=audit.log dev=dm-0 ino=24698
> scontext=root:staff_r:staff_t:s0-s15:c0.c1023
> tcontext=system_u:object_r:auditd_log_t:s15:c0.c1023 tclass=file
>
>
In the message, the level of audit.log is s15:c0.c1023, while the current
process is s0. So the process can't read audit.log and AVSs are producted.
scontext includes sensitivity levels range s0-s15.
Doesn't that include tcontext sensitivity level s0 (same
classifications)?
Thx,
LCB.
--
LC (Lenny) Bruzenak
lenny(a)magitekltd.com