Re: audit 1.2.2 released
Michael C Thompson wrote:
Steve Grubb wrote:
> On Tuesday 16 May 2006 13:23, Steve Grubb wrote:
>> AFAICT, there are 2 places where an access decision is made,
>> audit_netlink_ok in kernel/audit.c. And the other place is
>> selinux_nlmsg_lookup in security/selinux/nlmsgtab.c. I think you'd
>> want to
>> patch your kernel to printk its access decision results in both of
>> those
>> functions. That should tell us something about what's going on.
>
> Mike,
>
> Did you ever patch your kernel to get more info or did this problem go
> away in the latest kernel (lspp.26)?
I have tested this on the 26 and 27 kernel and am still experiencing the
problem. I'm working on tracking it down now.
This is definately not an SELinux issue. I don't know enough about the
audit_reply structure to fully understand what is happening. This is
what I know:
socket_has_perm returns 0, and netlink_recvmsg does definitely get hit.
The error is getting packaged up in the body of the netlink message, but
I don't know where to begin looking for this, nor do I have the time to
continue looking.
If you have any possible fixes, I'll gladly test them, but currently,
I'm at a loss for time and can't continue.
Thanks,
Mike