linux-audit-bounces@redhat.com wrote on 03/31/2006 09:36:38 AM:

>
> Daniel J Walsh <dwalsh@redhat.com> wrote on 03/30/2006 04:39:06 PM:
>
> > New policy on ftp://people.redhat.com/dwalsh/SELinux/Fedora
> >
> > Made the changes to allow the transition.  I don't have access to an MLS
> > machine til tomorrow but this should fix it.
> > selinux-policy-targeted-2.2.28-3
> > Dan
>
> Hi Dan,
>
> I just tried the recent policy files available from the above listed
> people page, and I'm being DoS'd from my own machine with a stream
> of audit avc denied messages. From what I can gleam from the stream
> of text, itklogd is being denied {search}.

Sorry, that should read "its 'klogd' being denied {search}". I never got that logged so I can't send you the exact message. If I manage to trap it, I'll send it on. Having the system boot the MLS policy with enforcing mode on as default will cause this DoS to appear for me. Booting with permissive mode is fine. On the plus side, auditctl works for secadm_r, but has lost access to the /root directory, which secadm_r previous had access to.

Mike