audit2allow failure

Daniel J Walsh dwalsh at redhat.com
Wed Nov 14 16:44:09 UTC 2007


Gene Heskett wrote:
> Greetings;
> 
> Running selinux in permissive mode, the /var/log/audit/audit.log was filling 
> up with squawks re cron jobs.  Seeing an example on how to run audit2allow, I 
> thought I'd try it to see if that would shut the muttering up.
> 
> [root@coyote ~]# audit2allow -M local -i /var/log/audit/audit.log
> compilation failed:
> (unknown source)::ERROR 'syntax error' at token '' on line 6:
> 
> 
> /usr/bin/checkmodule:  error(s) encountered while parsing configuration
> /usr/bin/checkmodule:  loading policy configuration from local.te
> 
> I can't see anything different about line 6 of the log, but here is a head of 
> that file:
> 
> type=USER_ACCT msg=audit(1193734801.287:27922): user pid=11880 uid=0 
> auid=4294967295 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" 
> (hostname=?, addr=?, terminal=cron res=success)'
> type=CRED_ACQ msg=audit(1193734801.288:27923): user pid=11880 uid=0 
> auid=4294967295 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" 
> (hostname=?, addr=?, terminal=cron res=success)'
> type=USER_START msg=audit(1193734801.288:27924): user pid=11880 uid=0 
> auid=4294967295 msg='PAM: session open acct=root : exe="/usr/sbin/crond" 
> (hostname=?, addr=?, terminal=cron res=success)'
> type=CRED_DISP msg=audit(1193734801.312:27925): user pid=11880 uid=0 
> auid=4294967295 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" 
> (hostname=?, addr=?, terminal=cron res=success)'
> type=USER_END msg=audit(1193734801.312:27926): user pid=11880 uid=0 
> auid=4294967295 msg='PAM: session close acct=root : exe="/usr/sbin/crond" 
> (hostname=?, addr=?, terminal=cron res=success)'
> type=USER_ACCT msg=audit(1193734861.316:27927): user pid=11969 uid=0 
> auid=4294967295 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" 
> (hostname=?, addr=?, terminal=cron res=success)'
> type=CRED_ACQ msg=audit(1193734861.316:27928): user pid=11969 uid=0 
> auid=4294967295 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" 
> (hostname=?, addr=?, terminal=cron res=success)'
> 
> 
> contents of local.te:
> ------
> module local 1.0;
> 
> 
> 
> EOF
> ------
> 
> The example command line shown above is, I assume, correct, is it not?
> 
Those are not avc messages.  They are standard audit messages generated
by the audit system.  So since audit2allow did not find any avc messages
it is failing.
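The point of the reply above, as an added example that is not part of the original thread: a pre-flight check that counts AVC denial records in an audit log before audit2allow is invoked. The function names, the wrapper, and the AVC line in the sample log are constructed for illustration; the `-M local -i` invocation is the one from the post.

```shell
#!/bin/sh
# Added example (not from the original thread): pre-flight check for audit2allow.

# Print the number of AVC denial records (kernel AVC or userspace USER_AVC).
count_avc_denials() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -E -c '^type=(USER_)?AVC .*denied' "$1" || true
}

# Print "count TYPE" for every record type in the log, most frequent first.
audit_type_summary() {
    sed -n 's/^type=\([A-Z0-9_]*\) .*/\1/p' "$1" | sort | uniq -c | sort -rn
}

# Hypothetical wrapper: only call audit2allow when there is something to allow.
audit2allow_if_denials() {
    a2a_log=$1; a2a_module=$2
    if [ "$(count_avc_denials "$a2a_log")" -eq 0 ]; then
        echo "no AVC denials in $a2a_log; nothing for audit2allow to build" >&2
        return 1
    fi
    audit2allow -M "$a2a_module" -i "$a2a_log"
}

# Constructed sample logs: PAM records modelled on the post, plus one made-up AVC denial.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/pam_only.log" <<'EOF'
type=USER_ACCT msg=audit(1193734801.287:27922): user pid=11880 uid=0 auid=4294967295 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=CRED_ACQ msg=audit(1193734801.288:27923): user pid=11880 uid=0 auid=4294967295 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
EOF
cp "$SAMPLE_DIR/pam_only.log" "$SAMPLE_DIR/with_avc.log"
cat >> "$SAMPLE_DIR/with_avc.log" <<'EOF'
type=AVC msg=audit(1193734900.100:27930): avc:  denied  { read } for  pid=12001 comm="crond" name="example" dev=dm-0 ino=12345 scontext=system_u:system_r:crond_t:s0 tcontext=system_u:object_r:example_t:s0 tclass=file
EOF

for f in pam_only.log with_avc.log; do
    echo "$f: $(count_avc_denials "$SAMPLE_DIR/$f") AVC denial(s)"
    audit_type_summary "$SAMPLE_DIR/$f"
done
```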



