watching files in selinuxfs

Steve Grubb sgrubb at redhat.com
Thu Sep 28 20:33:58 UTC 2006


On Wednesday 27 September 2006 17:26, Debora Velarde wrote:
> When in enforcing mode, I am only able to audit files in selinuxfs by
> inode, not by path. I am running as auditadm_r.
>
> /* Try adding audit rule with -F path */
> # auditctl -a exit,always -S open -F path=/selinux/enforce
> Error sending add rule request (Permission denied)

When I do this command, I see AVCs:

time->Thu Sep 28 16:25:12 2006
type=AVC msg=audit(1159475112.366:289): avc:  denied  { getattr } for  
pid=12893 comm="auditctl" name="/" dev=hda7 ino=2 
scontext=root:system_r:auditctl_t:s0-s0:c0.c255 
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem

allow auditctl_t fs_t:filesystem getattr;
allow auditctl_t security_t:dir search;


-Steve
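
The first allow rule above can be read directly off the quoted AVC record (source type from scontext, target type from tcontext, class from tclass, permission from the braces). The sketch below is an added example, not part of the original message; it does that mapping on the record as wrapped in the mail, and its function names are illustrative assumptions.

```python
import re
from collections import OrderedDict

# The AVC record quoted in the message, kept wrapped as the mail client left it.
WRAPPED_AVC = """\
type=AVC msg=audit(1159475112.366:289): avc:  denied  { getattr } for  
pid=12893 comm="auditctl" name="/" dev=hda7 ino=2 
scontext=root:system_r:auditctl_t:s0-s0:c0.c255 
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
"""

DENIAL = re.compile(r"avc:\s+denied\s+\{\s*([^}\s][^}]*)\}\s+for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type from user:role:type[:mls-range]; the range may hold colons."""
    parts = context.split(":", 3)
    if len(parts) < 3:
        raise ValueError("not an SELinux context: %r" % context)
    return parts[2]

def denials(text):
    """Yield (source_type, target_type, tclass, perms) for each denied AVC in text."""
    flat = " ".join(text.split())           # undo mail line wrapping
    for record in re.split(r"(?=type=AVC\b)", flat):
        m = DENIAL.search(record)
        if not m:
            continue                         # granted AVCs and other record types
        fields = dict(FIELD.findall(m.group(2)))
        try:
            yield (selinux_type(fields["scontext"]), selinux_type(fields["tcontext"]),
                   fields["tclass"], m.group(1).split())
        except (KeyError, ValueError):
            continue                         # truncated record: skip rather than guess

def allow_rules(text):
    """Merge denials per (source, target, class) and render TE allow rules."""
    merged = OrderedDict()
    for src, tgt, tclass, perms in denials(text):
        bucket = merged.setdefault((src, tgt, tclass), [])
        bucket.extend(p for p in perms if p not in bucket)
    rules = []
    for (src, tgt, tclass), perms in merged.items():
        body = perms[0] if len(perms) == 1 else "{ %s }" % " ".join(perms)
        rules.append("allow %s %s:%s %s;" % (src, tgt, tclass, body))
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules(WRAPPED_AVC)))
```

The second rule in the message (security_t:dir search) does not come from the record shown, so this reproduces only the first.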