SELinux and logging

Jennifer Hadley jenn.hadley at gmail.com
Thu Jan 5 22:18:05 UTC 2006


On 1/5/06, Dracula <countofdracula at gmail.com> wrote:
> The following error messages appear in the log-file:
>
> Jan 4 16:01:43 app1 dbus: Can't send to audit system: USER_AVC pid=2982 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:initrc_t tcontext=user_u:system_r:unconfined_t tclass=dbus
> Jan 4 16:01:44 app1 dbus: Can't send to audit system: USER_AVC pid=2982 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
>
> What causes these and what can be done to avoid them?
>
> Thanks
>
> Regards,
>
> Komal


I've been seeing the same messages on a RHEL4 AS system.

This is supposed to be a known issue in code added to dbus that sends avc
denial messages through libaudit, but dbus isn't allowed to write to the audit
daemon by SELinux.

A new errata of the selinux-targeted-policy is supposed to be released soon to
fix this.  You can download a version from here:
ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u3/noarch

I wasn't able to install this rpm due to dependency issues, so I ended up
changing the SELinux policies following instructions I found on the CentOS
list.

as root:
up2date selinux-targeted-policy-sources
create a /etc/selinux/targeted/src/policy/domains/local.te file with the
following entry:

# dbus
allow unconfined_t initrc_t:dbus send_msg;

cd /etc/selinux/targeted/src/
make reload

So far it seems to work.

Jennifer
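
An added example, not part of the original post: a small parser that turns the two USER_AVC lines quoted above into candidate allow rules (the kind of mapping the audit2allow tool performs) and compares them, by plain string match, with the rule placed in local.te. The function names are made up for this illustration.

```python
import re

# The two log lines from the quoted message above, copied as-is.
SAMPLE_LOG = """\
Jan 4 16:01:43 app1 dbus: Can't send to audit system: USER_AVC pid=2982 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:initrc_t tcontext=user_u:system_r:unconfined_t tclass=dbus
Jan 4 16:01:44 app1 dbus: Can't send to audit system: USER_AVC pid=2982 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
"""

# The rule placed in local.te in the message above.
LOCAL_TE = "allow unconfined_t initrc_t:dbus send_msg;"

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    fields = context.split(":")
    if len(fields) < 3:
        raise ValueError(f"not a security context: {context!r}")
    return fields[2]

def parse_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = {}
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m is None:
            continue  # not an AVC denial line
        key = (context_type(m["scontext"]), context_type(m["tcontext"]), m["tclass"])
        denials.setdefault(key, set()).update(m["perms"].split())
    return denials

def allow_rules(denials):
    """Render one allow rule per (source, target, class), merging permissions."""
    rules = []
    for (src, tgt, cls), perms in sorted(denials.items()):
        names = sorted(perms)
        perm_text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules

def not_covered(rules, policy_text):
    """Rules whose exact text is absent from policy_text (string match only)."""
    present = {line.strip() for line in policy_text.splitlines()}
    return [r for r in rules if r not in present]

if __name__ == "__main__":
    rules = allow_rules(parse_denials(SAMPLE_LOG))
    print("\n".join(rules))
    print("not in local.te:", not_covered(rules, LOCAL_TE))
```

The comparison is a literal string match, so a rule expressed through an attribute or a permission set would need a real policy query instead.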


