Possibly wrong audit messages

Glauber de Oliveira Costa glommer at br.ibm.com
Mon Jun 12 12:36:09 UTC 2006


Hi,

I'm on an FC5 box, and tried to shoot a setsebool command as 
secadm_r:SystemHigh (mls policy)

Instead of an audit message identifying the set operation, I'm getting 81 AVC 
messages (81 is the number of booleans present in /selinux/booleans/) 
indicating a success. Such a large number of messages makes the correct 
information hard to find, IMHO. This does not seem to be the right behaviour 
to me.

A typical message looks like this:
 
type=AVC msg=audit(1149411239.670:6462): avc:  granted  { setbool } 
for pid=3460 comm="setsebool" scontext=root:secadm_r:secadm_t:s15:c0.c255
tcontext=system_u:object_r:security_t:s15:c0.c255 tclass=security

If this is really the expected behaviour, sorry for the bogus report. 

-- 
"Free as in Freedom"
Glauber de Oliveira Costa
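
Added example, not part of the original message and not code from the audit project: one way to keep a flood like the one described above readable is to collapse AVC records that differ only in timestamp and serial number. The 81 sample records are constructed from the single record quoted in the message (the incrementing serial numbers are an assumption), and parse_avc and collapse are hypothetical helper names.

```python
import re
from collections import Counter

# Layout of the AVC record quoted in the message above.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+(?P<result>granted|denied)\s+\{ (?P<perms>[^}]*?) \}\s+for\s+(?P<fields>.*)'
)

# The record from the message, wrapped across lines as it appears there.
PAGE_RECORD = '''type=AVC msg=audit(1149411239.670:6462): avc:  granted  { setbool }
for pid=3460 comm="setsebool" scontext=root:secadm_r:secadm_t:s15:c0.c255
tcontext=system_u:object_r:security_t:s15:c0.c255 tclass=security'''

def parse_avc(line):
    """Return the record's fields as a dict, or None if it is not an AVC record."""
    m = AVC_RE.search(" ".join(line.split()))  # undo mail/terminal line wrapping
    if not m:
        return None
    rec = {"ts": float(m["ts"]), "serial": int(m["serial"]),
           "result": m["result"], "perms": tuple(m["perms"].split())}
    for token in m["fields"].split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value.strip('"')
    return rec

def collapse(lines):
    """Count records that are identical apart from timestamp and serial."""
    counts = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec:
            counts[(rec["result"], rec["perms"], rec.get("pid"), rec.get("comm"),
                    rec.get("scontext"), rec.get("tcontext"), rec.get("tclass"))] += 1
    return counts.most_common()

def sample_lines():
    """Constructed input: 81 copies of the page's record plus one non-AVC line."""
    avc = [PAGE_RECORD.replace(":6462)", f":{6462 + i})") for i in range(81)]
    return avc + ["type=EXAMPLE msg=audit(1149411240.000:6600): constructed non-AVC line"]

if __name__ == "__main__":
    for (result, perms, pid, comm, sctx, tctx, tclass), n in collapse(sample_lines()):
        print(f"{n:4d}x {result} {{ {' '.join(perms)} }} pid={pid} comm={comm} "
              f"scontext={sctx} tcontext={tctx} tclass={tclass}")
```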



