SELinux policy reload cannot be sent to audit system
Laurent Bigonville
bigon at debian.org
Thu Nov 5 09:26:17 UTC 2015
Le 05/11/15 09:32, Laurent Bigonville a écrit :
> Le 05/11/15 04:23, Steve Grubb a écrit :
>> I tested this on Fedora 22 and did not get a USER_AVC from dbus, but
>> I also
>> did not get an error message in syslog. So, I don't know what to make
>> of it.
>> (And for the record, I have a bz open saying that USER_AVC is the
>> wrong event
>> type. They are blaming libselinux but I blame them for not using
>> AUDIT_USER_MAC_POLICY_LOAD.)
> The audit code in dbus has been refactored a bit in the version
> present F23 and debian unstable, so it might be related to this that.
>
> Do you still have the number of that bz bug?
BTW, systemd is also apparently sending a USER_AVC event when the policy
is reloaded.
More information about the Linux-audit
mailing list