Re: FC5 MLS Policy: auditctl permission denied
linux-audit-bounces(a)redhat.com wrote on 03/31/2006 09:36:38 AM:
Daniel J Walsh <dwalsh(a)redhat.com> wrote on 03/30/2006 04:39:06 PM:
> New policy on ftp://people.redhat.com/dwalsh/SELinux/Fedora
>
> Made the changes to allow the transition. I don't have access to an
MLS
> machine til tomorrow but this should fix it.
> selinux-policy-targeted-2.2.28-3
> Dan
Hi Dan,
I just tried the recent policy files available from the above listed
people page, and I'm being DoS'd from my own machine with a stream
of audit avc denied messages. From what I can gleam from the stream
of text, itklogd is being denied {search}.
Sorry, that should read "its 'klogd' being denied {search}". I never got
that logged so I can't send you the exact message. If I manage to trap it,
I'll send it on. Having the system boot the MLS policy with enforcing mode
on as default will cause this DoS to appear for me. Booting with
permissive mode is fine. On the plus side, auditctl works for secadm_r,
but has lost access to the /root directory, which secadm_r previous had
access to.
Mike
Attachments:
- attachment.html (text/html — 1.3 KB)