Re: SELinux policy reload cannot be sent to audit system
Le 03/11/15 21:08, Richard Guy Briggs a écrit :
On 15/11/03, Steve Grubb wrote:
> On Tuesday, November 03, 2015 06:12:07 PM Laurent Bigonville wrote:
>>
>> I'm running in permissive mode.
>>
>> I'm seeing a netlink open to the audit:
>>
>> dbus-daem 1057 messagebus 7u netlink 0t0 15248 AUDIT
>>
>> Apparently audit_send() returns -1
> Since its -1, that would be an EPERM. No idea where this is coming from if you
> have CAP_AUDIT_WRITE. I use pscap to check that.
Are you in a container of any kind or any non-init USER namespace? I
can't see it being denied otherwise assuming it is only trying to send
AUDIT_USER_* class messages. (This assumes upstream kernel.)
No, I initially saw this on my laptop and then tested on F23 in kvm.
I guess I have to ask which kernel too, since changes to NET and PID
namespaces are somewhat recent and Debian tends on the side of
conservative to be stable.
I'm under debian unstable and the kernel I'm running is 4.2
>> I've been to reproduce this on F23 as well.
> I have not played around with that yet.
What kernel is that?
4.2 too apparently.
Cheers,
Laurent Bigonville