Latest kernel (2356), avc's on hwclock

Stephen Smalley sds at tycho.nsa.gov
Fri Jul 7 14:27:08 UTC 2006


On Fri, 2006-07-07 at 07:14 -0700, Tom London wrote:
> Running latest rawhide kernel, get the following during boot (in
> /var/log/messages):
> 
> Jul  7 06:22:45 localhost kernel: audit(1152278484.994:5): avc:
> denied  { audit_write } for  pid=471 comm="hwclock" capability=29
> scontext=system_u:system_r:hwclock_t:s0
> tcontext=system_u:system_r:hwclock_t:s0 tclass=capability

Looks like the Fedora hwclock is instrumented to generate an audit
record, but policy doesn't yet allow it to do so.  These capability
checks used to be silent (no auditing) since they occur on netlink recv,
but a recent patch has enabled SELinux to generate audit messages on the
netlink recv capability checks.  So we can expect these types of denials
to show up now.  Should be allowed in this case.

-- 
Stephen Smalley
National Security Agency
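The denial quoted above, turned into the policy rule Stephen says should be allowed, as an added example that is not part of this thread: a small Python parser for the AVC record that also cross-checks the numeric capability against the permission name. The sample line is the post's record re-joined onto one line; the capability-number table is from linux/capability.h.

```python
import re

# Constructed sample: the AVC record from the post, re-joined onto one line
# as it appears in /var/log/messages.
SAMPLE_AVC = (
    'Jul  7 06:22:45 localhost kernel: audit(1152278484.994:5): avc:  denied  '
    '{ audit_write } for  pid=471 comm="hwclock" capability=29 '
    'scontext=system_u:system_r:hwclock_t:s0 '
    'tcontext=system_u:system_r:hwclock_t:s0 tclass=capability'
)

# Linux capability numbers relevant here (linux/capability.h).
CAP_NAMES = {29: "audit_write", 30: "audit_control"}

AVC_RE = re.compile(
    r'avc:\s+(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+'
    r'(?P<fields>.*)$'
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of the AVC fields, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"verdict": m.group("verdict"), "perms": m.group("perms").split()}
    for k, v in FIELD_RE.findall(m.group("fields")):
        rec[k] = v.strip('"')
    return rec

def domain_type(context):
    # system_u:system_r:hwclock_t:s0 -> hwclock_t
    return context.split(":")[2]

def allow_rule(rec):
    """Build the TE allow rule that would permit the denied access."""
    src = domain_type(rec["scontext"])
    tgt = domain_type(rec["tcontext"])
    target = "self" if src == tgt else tgt      # same domain -> 'self'
    perms = " ".join(sorted(rec["perms"]))
    if len(rec["perms"]) > 1:
        perms = "{ %s }" % perms
    return "allow %s %s:%s %s;" % (src, target, rec["tclass"], perms)

def capability_consistent(rec):
    """For tclass=capability, check capability=N agrees with the permission name."""
    if rec.get("tclass") != "capability" or "capability" not in rec:
        return True
    return CAP_NAMES.get(int(rec["capability"])) in rec["perms"]

if __name__ == "__main__":
    r = parse_avc(SAMPLE_AVC)
    print(r["comm"], r["pid"], r["perms"], capability_consistent(r))
    print(allow_rule(r))  # allow hwclock_t self:capability audit_write;
```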
