Stuff I found in my log?
Knute Johnson
knute at frazmtn.com
Wed May 24 04:00:03 UTC 2006
>On 5/23/06, Knute Johnson <knute at frazmtn.com> wrote:
>> I found some interesting things in my 'messages' log today. I'm not
>> sure what they mean and would appreciate any information.
>>
>> This one is the most bothersome. It appears that 'useradd' was
>> prevented from running this morning only I didn't run it. Would any
>> other programs run 'useradd' and what would cause it to be denied?
>>
>> May 23 05:11:49 rabbitbrush kernel: audit(1148386309.877:556): avc:
>> denied { write } for pid=13906 comm="useradd" name="[1708464]"
>> dev=pipefs ino=1708464 scontext=user_u:system_r:useradd_t:s0
>> tcontext=user_u:system_r:unconfined_t:s0 tclass=fifo_file
>>
>
>Need some more information to help on this:
>
>What is your OS and its version?
>What is your selinux set to?
>When was the last time you updated your system to?
FC5. Kernel 2.6.16-1.2111_FC5.
I assume you mean by to, is it enforcing and targeted? It is.
May 15 04:18:39 Updated: selinux-policy.noarch 2.2.38-1.fc5
May 15 04:20:24 Updated: selinux-policy-targeted.noarch 2.2.38-1.fc5
/etc/selinux/conf
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
Thanks very much,
--
Knute Johnson
Molon Labe...
More information about the fedora-selinux-list
mailing list