useradd - audit_write ?
Tom London
selinux at gmail.com
Thu Jul 13 14:16:22 UTC 2006
Running selinux-policy-2.3.2-1 targeted/permissive.
Doing my usual 'yum update' of yesterday's rawhide (including
selinux-policy-2.3.2-2), I noticed this in audit log:
type=AVC msg=audit(1152799768.153:34): avc: denied { audit_write }
for pid=3084 comm="useradd" capability=29
scontext=user_u:system_r:useradd_t:s0
tcontext=user_u:system_r:useradd_t:s0 tclass=capability
type=USER_CHAUTHTOK msg=audit(1152799768.153:35): user pid=3084 uid=0
auid=500 subj=user_u:system_r:useradd_t:s0 msg='op=adding user
acct=dbus exe="/usr/sbin/useradd" (hostname=?, addr=?, terminal=pts/0
res=failed)'
type=SYSCALL msg=audit(1152799768.153:34): arch=40000003 syscall=102
success=yes exit=116 a0=b a1=bf95a240 a2=6ecff4 a3=bf96068e items=0
ppid=3083 pid=3084 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 comm="useradd" exe="/usr/sbin/useradd"
subj=user_u:system_r:useradd_t:s0 key=(null)
type=SOCKADDR msg=audit(1152799768.153:34): saddr=100000000000000000000000
type=SOCKETCALL msg=audit(1152799768.153:34): nargs=6 a0=3 a1=bf95e4dc
a2=74 a3=0 a4=bf95a270 a5=c
tom
--
Tom London
More information about the fedora-selinux-list
mailing list