Re: watching files in selinuxfs
On Wednesday 27 September 2006 17:26, Debora Velarde wrote:
When in enforcing mode, I am only able to audit files in selinuxfs
by
inode, not by path. I am running as auditadm_r.
/* Try adding audit rule with -F path */
# auditctl -a exit,always -S open -F path=/selinux/enforce
Error sending add rule request (Permission denied)
When I do this command, I see AVC's:
time->Thu Sep 28 16:25:12 2006
type=AVC msg=audit(1159475112.366:289): avc: denied { getattr } for
pid=12893 comm="auditctl" name="/" dev=hda7 ino=2
scontext=root:system_r:auditctl_t:s0-s0:c0.c255
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
allow auditctl_t fs_t:filesystem getattr;
allow auditctl_t security_t:dir search;
-Steve