sds at epoch.ncsc.mil
Mon Dec 20 21:24:35 UTC 2004
On Mon, 2004-12-20 at 16:11, Browder, Tom wrote:
> I'm using the default strict policy for FC 3 SELinux for testing and
> I see denial messages when I do 'ls -l /etc/shadow', but nothing when I
> try to do 'mv /etc/shadow /etc/shadow.save'.
Unless your process has uid 0, then the latter command would be
prevented by ordinary Linux DAC and never reaches the SELinux permission
checks. Hence, you wouldn't see an audit message for it. The former
command would be allowed by Linux DAC and thus reaches the SELinux
checks (and audit).
> Uh, I think I read somewhere that only one of a message type will be
> seen in some situations, but I can't find it now.
That only occurs in permissive mode, to avoid flooding the logs In
enforcing mode, it should always audit each occurrence unless a rate
limit is being applied.
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list