[redhat-lspp] staff_u:auditadm_r:auditadm_t:SystemHigh unable to run_init
Michael C Thompson
thompsmc at us.ibm.com
Tue Oct 17 14:52:40 UTC 2006
Hey Dan,
It looks like auditadm is unable to use run_init at SystemHigh. Is this
intended? The functionality I am looking for is for auditadm to be able
to restart the audit daemon and view the audit log without changing
levels. I am not sure if this desirable in terms of a certified system
or not.
Below are the AVC messages I am seeing, also I've noticed that we are
getting another (unrelated to this problem) AVC message, posted below too.
Thanks,
Mike
# run_init /etc/init.d/auditd status
Authenticating ealuser.
Password:
run_init: error while loading shared libraries: /lib/ld.so.1: cannot
apply additional memory protection after relocation: Permission denied
# ls -Z /lib/ld.so.1
lrwxrwxrwx root root system_u:object_r:lib_t:s0 /lib/ld.so.1 ->
ld-2.5.so
run_init generates this unrelated AVC message pre-authentication:
type=AVC msg=audit(1161096443.514:2865): avc: denied { write } for
pid=1483 comm="mcstransd" name="[94291]" dev=sockfs ino=94291
scontext=system_u:system_r:setrans_t:s0-s15:c0.c1023
tcontext=system_u:system_r:setrans_t:s15:c0.c1023 tclass=unix_stream_socket
type=SYSCALL msg=audit(1161096443.514:2865): arch=14 syscall=146
success=no exit=-13 a0=5 a1=ff43f9cc a2=3 a3=0 items=0 ppid=1 pid=1483
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="mcstransd" exe="/sbin/mcstransd"
subj=system_u:system_r:setrans_t:s0-s15:c0.c1023 key=(null)
type=AVC_PATH msg=audit(1161096443.514:2865): path="socket:[94291]"
run_init generated these messges post-authentication:
type=AVC msg=audit(1161096470.006:2867): avc: denied { getattr } for
pid=1483 comm="mcstransd"
scontext=system_u:system_r:setrans_t:s0-s15:c0.c1023
tcontext=staff_u:auditadm_r:run_init_t:s15:c0.c1023 tclass=process
type=SYSCALL msg=audit(1161096470.006:2867): arch=14 syscall=3
success=no exit=-13 a0=6 a1=10022b68 a2=ffff a3=10032b68 items=0 ppid=1
pid=1483 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) comm="mcstransd" exe="/sbin/mcstransd"
subj=system_u:system_r:setrans_t:s0-s15:c0.c1023 key=(null)
type=AVC msg=audit(1161096470.018:2868): avc: denied { use } for
pid=13225 comm="open_init_pty" name="ld-2.5.so" dev=hda3 ino=1781183
scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023
tcontext=staff_u:auditadm_r:run_init_t:s15:c0.c1023 tclass=fd
type=SYSCALL msg=audit(1161096470.018:2868): arch=14 syscall=125
success=no exit=-13 a0=f7fd0000 a1=10000 a2=1 a3=100007ac items=0
ppid=13111 pid=13225 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts1 comm="open_init_pty"
exe="/usr/sbin/open_init_pty"
subj=system_u:system_r:initrc_t:s0-s15:c0.c1023 key=(null)
type=AVC_PATH msg=audit(1161096470.018:2868): path="/lib/ld-2.5.so"
More information about the redhat-lspp
mailing list