FC5 MLS Policy: auditctl permission denied
Michael C Thompson
mcthomps at us.ibm.com
Fri Mar 31 15:51:07 UTC 2006
linux-audit-bounces at redhat.com wrote on 03/31/2006 09:36:38 AM:
>
> Daniel J Walsh <dwalsh at redhat.com> wrote on 03/30/2006 04:39:06 PM:
>
> > New policy on ftp://people.redhat.com/dwalsh/SELinux/Fedora
> >
> > Made the changes to allow the transition. I don't have access to an
MLS
> > machine til tomorrow but this should fix it.
> > selinux-policy-targeted-2.2.28-3
> > Dan
>
> Hi Dan,
>
> I just tried the recent policy files available from the above listed
> people page, and I'm being DoS'd from my own machine with a stream
> of audit avc denied messages. From what I can gleam from the stream
> of text, itklogd is being denied {search}.
Sorry, that should read "its 'klogd' being denied {search}". I never got
that logged so I can't send you the exact message. If I manage to trap it,
I'll send it on. Having the system boot the MLS policy with enforcing mode
on as default will cause this DoS to appear for me. Booting with
permissive mode is fine. On the plus side, auditctl works for secadm_r,
but has lost access to the /root directory, which secadm_r previous had
access to.
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20060331/c5d92562/attachment.htm>
More information about the Linux-audit
mailing list