audit2allow failure
Daniel J Walsh
dwalsh at redhat.com
Wed Nov 14 16:44:09 UTC 2007
Gene Heskett wrote:
> Greetings;
>
> Running selinux in permissive mode, the /var/log/audit/audit.log was filling
> up with squawks re cron jobs. Seeing an example on how to run audit2allow, I
> thought I'd try it to see if that would shut the muttering up.
>
> [root@coyote ~]# audit2allow -M local -i /var/log/audit/audit.log
> compilation failed:
> (unknown source)::ERROR 'syntax error' at token '' on line 6:
>
>
> /usr/bin/checkmodule: error(s) encountered while parsing configuration
> /usr/bin/checkmodule: loading policy configuration from local.te
>
> I can't see anything different about line 6 of the log, but here is a head of
> that file:
>
> type=USER_ACCT msg=audit(1193734801.287:27922): user pid=11880 uid=0
> auid=4294967295 msg='PAM: accounting acct=root : exe="/usr/sbin/crond"
> (hostname=?, addr=?, terminal=cron res=success)'
> type=CRED_ACQ msg=audit(1193734801.288:27923): user pid=11880 uid=0
> auid=4294967295 msg='PAM: setcred acct=root : exe="/usr/sbin/crond"
> (hostname=?, addr=?, terminal=cron res=success)'
> type=USER_START msg=audit(1193734801.288:27924): user pid=11880 uid=0
> auid=4294967295 msg='PAM: session open acct=root : exe="/usr/sbin/crond"
> (hostname=?, addr=?, terminal=cron res=success)'
> type=CRED_DISP msg=audit(1193734801.312:27925): user pid=11880 uid=0
> auid=4294967295 msg='PAM: setcred acct=root : exe="/usr/sbin/crond"
> (hostname=?, addr=?, terminal=cron res=success)'
> type=USER_END msg=audit(1193734801.312:27926): user pid=11880 uid=0
> auid=4294967295 msg='PAM: session close acct=root : exe="/usr/sbin/crond"
> (hostname=?, addr=?, terminal=cron res=success)'
> type=USER_ACCT msg=audit(1193734861.316:27927): user pid=11969 uid=0
> auid=4294967295 msg='PAM: accounting acct=root : exe="/usr/sbin/crond"
> (hostname=?, addr=?, terminal=cron res=success)'
> type=CRED_ACQ msg=audit(1193734861.316:27928): user pid=11969 uid=0
> auid=4294967295 msg='PAM: setcred acct=root : exe="/usr/sbin/crond"
> (hostname=?, addr=?, terminal=cron res=success)'
>
>
> contents of local.te:
> ------
> module local 1.0;
>
>
>
> EOF
> ------
>
> The example command line shown above is, I assume, correct, is it not?
>
Those are not avc messages. They are standard audit messages generated
by the audit system. So since audit2allow did not find any avc messages
it is failing.
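
Added example (not part of the original message, and not audit2allow's own code): a pre-check that tallies the record types in an audit log and pulls out AVC denials, showing why a log holding only PAM records like those quoted above leaves nothing to build a module from. The sample log is constructed; the AVC line and its `example_t` type are made up for illustration.

```python
import re
from collections import Counter

# Constructed sample: the first two records mirror the PAM records quoted in
# the post; the AVC line is a made-up denial (example_t is a placeholder type).
SAMPLE_LOG = """\
type=USER_ACCT msg=audit(1193734801.287:27922): user pid=11880 uid=0 auid=4294967295 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=CRED_ACQ msg=audit(1193734801.288:27923): user pid=11880 uid=0 auid=4294967295 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=AVC msg=audit(1193734900.100:27930): avc:  denied  { read write } for  pid=12001 comm="crond" name="example" dev=dm-0 ino=12345 scontext=system_u:system_r:crond_t:s0 tcontext=system_u:object_r:example_t:s0 tclass=file
"""

TYPE_RE = re.compile(r"^type=(\S+)")
DENIAL_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\w+)"
)

def summarize(log_text):
    """Return (record-type counts, denial counts keyed by source/target/class/perms)."""
    types, denials = Counter(), Counter()
    for line in log_text.splitlines():
        m = TYPE_RE.match(line)
        if not m:
            continue
        types[m.group(1)] += 1
        if m.group(1) not in ("AVC", "USER_AVC"):
            continue  # PAM accounting/session records carry no policy decision
        d = DENIAL_RE.search(line)
        if d:
            # Third field of user:role:type[:level] is the SELinux type
            src = d.group("scontext").split(":")[2]
            tgt = d.group("tcontext").split(":")[2]
            perms = tuple(d.group("perms").split())
            denials[(src, tgt, d.group("tclass"), perms)] += 1
    return types, denials

def has_policy_input(log_text):
    """True if the log holds at least one AVC denial to build a module from."""
    return bool(summarize(log_text)[1])

if __name__ == "__main__":
    types, denials = summarize(SAMPLE_LOG)
    print("record types:", dict(types))
    for (src, tgt, cls, perms), n in denials.items():
        print(f"{n}x {src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```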