audit 1.2.2 released
Chad Hanson
chanson at TrustedCS.com
Thu May 25 15:50:31 UTC 2006
Comments below...
>
> I've been running mostly on an i686 (Intel) with the .27 kernel and
> 1.2.2 tools with the MLS policy. I've tested this on an x86_64 (AMD
> Opteron) and see this problem too. However, this problem does NOT exist
> when using targeted policy, so it is most likely an MLS SELinux issue.
> My MLS policy is 2.2.42
>
> > Can you describe more about your configuration and provide exact steps
> > to reproduce the problem?
>
> 1) Reboot your system (so you've a clean slate)
> 2) Login (tty or pty, doesn't matter, I've done both)
> 3) auditctl -l
> Error sending rule list request (Operation not permitted)
> 4) auditctl -l
> No rules (or whatever you expect to see)
Are you running enforcing or permissive?
I only see this behavior on the LSPP kernels (including 28) after
transitioning to permissive mode, but not on the FC5 2.6.15 2054 kernel
running MLS with the same procedures.
Also, I don't see this behavior the same way. I can reboot, login, newrole
to auditadm_r and run auditctl -l correctly every time.
The problem behavior I see is as follows below:
1) newrole to secadm_r
2) auditctl -l -- denied as expected.
3) setenforce 0
4) auditctl -l -- denied (WRONG)
5) auditctl -l -- works correctly (can repeat as many times as desired)
6) setenforce 1 -- everything is back to normal
repeat from #3 to see problems again
-Chad