Audisp plugin and SELinux
Lev Stipakov
lstipakov at gmail.com
Wed Feb 24 14:40:13 UTC 2016
Hello,
My audisp plugin has a file-based database in /var/lib/xxx directory. I
noticed that on systems with SELinux enabled plugin cannot read/write
that file.
According to ps, plugin is run under audisp_t domain:
-bash-4.1$ ps axZ | grep plugin
unconfined_u:system_r:audisp_t:s0 1845 ? S< 0:00 /usr/sbin/plugin 1
Obviously I don't want to disable SELinux. What would be the recommended
way to allow plugin read/write file(s) under /var/run/xxx ?
-Lev
More information about the Linux-audit
mailing list