Selinux Audit "Unmatched Entries"?
Daniel J Walsh
dwalsh at redhat.com
Thu Jul 30 17:34:23 UTC 2009
On 07/30/2009 10:08 AM, Frank Murphy wrote:
> On 30/07/09 15:05, Daniel J Walsh wrote:
>> On 07/30/2009 04:49 AM, Frank Murphy wrote:
>>> Waht does all this mean from logwatch,
>>> What are in plain speak unmatched entries?
>>>
>>>
> --SNIP--
>>>
>> These are audit messages, not SELinux AVC messages or any kind of
>> SELinux message.
>
> They can be safely ignored then
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Yes these messages are the audit system telling you that readahead added an removed some rules to the audit system at boot time.
I believe readahead now adds a rule to watch for all file opens at boot until it is finished, it then records the file opens and saves them, to reconfigure itself for the next boot, to be more efficient. Your mileage may vary.
So I think whatever is searching for these rules should ignore them as expected.
More information about the fedora-selinux-list
mailing list