logwatch/pidof avcs

Steve G linux_4ever at yahoo.com
Wed Dec 28 15:25:53 UTC 2005


Hi,

I'm using today's rawhide and see these scroll occasionally:

type=PATH msg=audit(12/28/2005 09:47:17.210:107) : item=0 name=/proc/2675/stat
inode=175308814 dev=00:03 mode=file,444 ouid=root ogid=root rdev=00:00
obj=system_u:system_r:local_login_t:s0-s0:c0.c255
type=CWD msg=audit(12/28/2005 09:47:17.210:107) :  cwd=/
type=SYSCALL msg=audit(12/28/2005 09:47:17.210:107) : arch=x86_64 syscall=open
success=no exit=-13(Permission denied) a0=7fffffbaa110 a1=0 a2=1b6 a3=0 items=1
pid=3204 auid=unknown(4294967295) uid=root gid=root euid=root suid=root
fsuid=root egid=root sgid=root fsgid=root comm=pidof exe=/sbin/killall5
subj=system_u:system_r:crond_t:s0
type=AVC msg=audit(12/28/2005 09:47:17.210:107) : avc:  denied  { read } for 
pid=3204 comm=pidof name=stat dev=proc ino=175308814
scontext=system_u:system_r:crond_t:s0
tcontext=system_u:system_r:local_login_t:s0-s0:c0.c255 tclass=file

This occurs for a number of /proc/pid/stat entries. It appears to be coming from
logwatch.

-Steve


	
		



