on machine with CPU -> 100%, lots of avc's

Christopher Beland beland at alum.mit.edu
Thu Feb 5 03:45:22 UTC 2009


Try (as root):

service auditd restart

and see if auditd returns OK or FAIL?  It might spit out some errors, or
put something in /var/log/messages.  If it complains about the log not
being writable by owner, then "chmod u+w /var/log/audit/*" is what
fixed it for me.

It could also be an SELinux problem, but only if you have
SELINUX=enforcing in /etc/selinux/config.  On my test machine, I
generally set SELINUX=permissive there so I see avc denials, but
everything continues working even if there is an SELinux
misconfiguration.

> Disable SELinux and AVCs will be gone. Forever.

I agree SELinux can be quite frustrating once you start customizing
services, and I have been known to turn it off entirely for that reason.
But for testing purposes, it's extremely useful to have people like us
stumble across avc denials so the general public doesn't have to, and
they can enjoy the security benefits.

-B.
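
The two causes named in the message above (audit logs not writable by owner, and SELINUX=enforcing in the config), checked in one script. This is an added example, not part of the original message; the function names and verdict strings are hypothetical, and the default paths are the ones the message mentions.

```shell
#!/bin/sh
# Added example: triage the two causes described in the message above.

# Print audit log files whose owner-write bit is clear. This inspects the
# mode bits instead of using `test -w`, because root can write to a file
# regardless of its mode and the check is meant to be run as root.
logs_missing_owner_write() {
    find "$1" -type f ! -perm -200 2>/dev/null
}

# Print the SELINUX= value from a config file. Comment lines and the
# SELINUXTYPE= line do not match; the last matching line wins.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" \
        2>/dev/null | tail -n 1
}

# Print one verdict for a log directory and a config file.
triage() {
    if [ -n "$(logs_missing_owner_write "$1")" ]; then
        echo log-perms          # candidate for: chmod u+w /var/log/audit/*
    elif [ "$(selinux_config_mode "$2")" = enforcing ]; then
        echo selinux-enforcing  # denials are enforced, not only logged
    else
        echo other              # check /var/log/messages for auditd errors
    fi
}

# Defaults are the paths from the message; pass two arguments to override.
triage "${1:-/var/log/audit}" "${2:-/etc/selinux/config}"
```

The config file holds the boot-time setting; `getenforce` reports the mode currently in effect.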




