No avcs generated after running at jobs in enforcing mode

Daniel J Walsh dwalsh at redhat.com
Wed Oct 21 21:08:27 UTC 2009


On 10/20/2009 07:52 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
>  
> We are trying to run an at job which echoes something on the terminal as
> below
> 
>  at 14:53
>  at> echo "hello"  > /dev/pts/1
>  at> ^D
> 
> When we run the above in the permissive mode we get hello on our term.
> However when we run in enforcing mode nothing seems to happen. We do not
> get any sealerts either.
> 
> Can someone let us know what is going on in the enforcing mode and what
> would be a way to check the status of the job?
> 
> Thanks
> Anamitra & Radha 
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> 
> 
Might be something dontaudited. You need to turn off audit rules temporarily

semodule -DB
Run your test
look for avc messages in /var/log/audit/audit.log pertaining to cron and terminals

You need to add those rules using audit2allow.




More information about the fedora-selinux-list mailing list