[RFC] Obtaining PATH entry without audit userland
Steve Grubb
sgrubb at redhat.com
Fri Jan 11 00:32:04 UTC 2008
On Thursday 10 January 2008 19:27:18 Yuichi Nakamura wrote:
> One example of AVC message in 2.6.24.rc1 is below.
> #Type is broken for testing, do not warry about that :)
> audit(946684824.060:5): avc: denied { read } for pid=796 comm="httpd"
> name="index.html" dev=sda1 ino=61906 scontext=system_u:system_r:httpd_t
> tcontext=system_u:object_r:etc_shadow_t tclass=file audit(946684824.060:5):
> arch=2a syscall=5 per=800000 success=yes exit=5 a0=48d490 a1=0 a2=1b6
> a3=1b6 items=1 ppid=795 pid=796 auid=4294967295 uid=99 gid=99 euid=99
> suid=99 fsuid=99 egid=99 sgid=99 fsgid=99 tty=(none) comm="httpd"
> exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t key=(null)
>
> File name appears as name="index.html".
How can we recreate the problem so that we can see what is going on?
Thanks,
-Steve
More information about the Linux-audit
mailing list