No avcs generated after running at jobs in enforcing mode
Daniel J Walsh
dwalsh at redhat.com
Wed Oct 21 21:08:27 UTC 2009
On 10/20/2009 07:52 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
>
> We are trying to run an at job which echoes something on the terminal as
> below
>
> at 14:53
> at> echo "hello" > /dev/pts/1
> at> ^D
>
> When we run the above in the permissive mode we get hello on our term.
> However when we run in enforcing mode nothing seems to happen. We do not
> get any sealerts either.
>
> Can someone let us know what is going on in the enforcing mode and what
> would be a way to check the status of the job?
>
> Thanks
> Anamitra & Radha
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
Might be something dontaudited. You need to turn off audit rules temporarily
semodule -DB
Run your test
look for avc messages in /var/log/audit/audit.log pertaining to cron and terminals
You need to add those rules using audit2allow.
More information about the fedora-selinux-list
mailing list