ausearch / policy question

Cai Xianchao caixianchao at cn.fujitsu.com
Fri Jul 25 06:27:26 UTC 2008


On Wednesday 23 July 2008 18:30:45 LC Bruzenak wrote:


> 2: why is ausearch producing the AVCs?
>   


Low level is the minimum access needed to read files created by that
user. If the low level of a process is lower than the file's, it's
not permitted.




> type=AVC msg=audit(07/23/2008 17:18:44.292:1622) : avc:  denied
> { read } for  pid=4033 comm=ausearch name=audit.log dev=dm-0 ino=24698
> scontext=root:staff_r:staff_t:s0-s15:c0.c1023
> tcontext=system_u:object_r:auditd_log_t:s15:c0.c1023 tclass=file 
>
>   
 
In the message, the level of audit.log is s15:c0.c1023, while the current
process is s0. So the process can't read audit.log and AVCs are produced.



Regards
Cai Xianchao
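
The comparison described in this reply, as an added example that is not part of the original message: it parses the quoted AVC record, takes the low level of `scontext` and `tcontext`, and checks whether the source dominates the target. It assumes the simplified rule "read needs source low level to dominate the target level" and ignores any exemptions the loaded policy may grant; the function names are hypothetical.

```python
import re

# Constructed from the AVC record quoted in this thread (joined onto one line).
AVC = ("type=AVC msg=audit(07/23/2008 17:18:44.292:1622) : avc:  denied "
       "{ read } for  pid=4033 comm=ausearch name=audit.log dev=dm-0 ino=24698 "
       "scontext=root:staff_r:staff_t:s0-s15:c0.c1023 "
       "tcontext=system_u:object_r:auditd_log_t:s15:c0.c1023 tclass=file")


def parse_level(level):
    """'s15:c0.c1023' -> (15, {0..1023}); 's0' -> (0, set())."""
    sens, _, cats = level.partition(":")
    catset = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")      # 'c0.c1023' is a category range
        first = int(lo[1:])
        last = int(hi[1:]) if hi else first
        catset.update(range(first, last + 1))
    return int(sens[1:]), catset


def low_level(context):
    """Low (effective) level of a user:role:type:low[-high] context."""
    mls = context.split(":", 3)[3]           # everything after the type field
    return parse_level(mls.split("-", 1)[0])


def dominates(a, b):
    """a dominates b: sensitivity at least as high, categories a superset."""
    return a[0] >= b[0] and a[1] >= b[1]


def explain_read_denial(record):
    """Compare the low levels of scontext and tcontext in one AVC record."""
    ctx = dict(re.findall(r"\b([st]context)=(\S+)", record))
    src = low_level(ctx["scontext"])
    tgt = low_level(ctx["tcontext"])
    return {
        "source_low": src[0], "source_cats": len(src[1]),
        "target_low": tgt[0], "target_cats": len(tgt[1]),
        "read_allowed_by_mls": dominates(src, tgt),
    }


if __name__ == "__main__":
    print(explain_read_denial(AVC))
```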








