Old 04-01-2012, 01:12 PM
Frank Murphy
 
audit avc F16

Currently auditd fails to start on a particular guest.

service auditd restart
Redirecting to /bin/systemctl restart auditd.service
[ 199.986682] type=1400 audit(1333285442.114:6): avc: denied {
dac_override } for pid=1409 comm="auditd" capability=1
scontext=system_u:system_r:auditd_t:s0
tcontext=system_u:system_r:auditd_t:s0 tclass=capability
[ 199.988842] type=1400 audit(1333285442.116:7): avc: denied {
dac_read_search } for pid=1409 comm="auditd" capability=2
scontext=system_u:system_r:auditd_t:s0
tcontext=system_u:system_r:auditd_t:s0 tclass=capability

Job failed. See system logs and 'systemctl status' for details.


systemctl status auditd.service
gives nothing extra to above.


--
Regards,
Frank
"Jack of all, fubars"
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 04-02-2012, 06:19 PM
Daniel J Walsh
 
audit avc F16

On 04/01/2012 09:12 AM, Frank Murphy wrote:
> Currently auditd fails to start on a particular guest.
>
> service auditd restart Redirecting to /bin/systemctl restart
> auditd.service [ 199.986682] type=1400 audit(1333285442.114:6): avc:
> denied { dac_override } for pid=1409 comm="auditd" capability=1
> scontext=system_u:system_r:auditd_t:s0
> tcontext=system_u:system_r:auditd_t:s0 tclass=capability [ 199.988842]
> type=1400 audit(1333285442.116:7): avc: denied { dac_read_search } for
> pid=1409 comm="auditd" capability=2 scontext=system_u:system_r:auditd_t:s0
> tcontext=system_u:system_r:auditd_t:s0 tclass=capability Job failed. See
> system logs and 'systemctl status' for details.
>
>
> systemctl status auditd.service gives nothing extra to above.
>
>
dac_override and dac_read_search almost always mean you have a file with the
wrong ownership/permissions on it. This indicates you have a root process
that does not have read or write access to a file based on permissions. The
way to find the object that auditd is not being allowed to access is to turn
on full auditing. For example, execute


auditctl -w /etc/shadow

Then start the audit service and see if you get an avc including the PATH
record. You may need to do this in permissive role, or run auditd in permissive:

semanage permissive -a auditd_t


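Added example, not part of either post: a small Python parser that applies the advice in the reply above, pairing each dac_override/dac_read_search denial with any PATH record that shares its audit event ID so the file's owner and mode can be checked. The two AVC lines are the ones from the thread (unwrapped); the PATH record, its file name and its ownership values are constructed for illustration and are not the cause found in this thread.

```python
import re
from collections import defaultdict

# AVC records: from the thread, unwrapped onto one line each.
# PATH record: constructed, showing what full auditing adds to the same event.
SAMPLE_LOG = """\
type=1400 audit(1333285442.114:6): avc: denied { dac_override } for pid=1409 comm="auditd" capability=1 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=capability
type=PATH msg=audit(1333285442.114:6): item=0 name="/example/constructed/path" inode=1234 dev=fd:01 mode=0100600 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:example_t:s0
type=1400 audit(1333285442.116:7): avc: denied { dac_read_search } for pid=1409 comm="auditd" capability=2 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=capability
"""

# Event ID is "timestamp:serial"; records of one event share it.
EVENT_ID = re.compile(r"audit\((\d+\.\d+:\d+)\)")
AVC = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}.*?comm="([^"]+)".*?tclass=(\S+)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
DAC_CAPS = {"dac_override", "dac_read_search"}


def dac_denials(log_text):
    """Return one dict per DAC capability denial, with PATH records of the same event."""
    avcs, paths = [], defaultdict(list)
    for line in log_text.splitlines():
        ev = EVENT_ID.search(line)
        if not ev:
            continue
        if line.startswith("type=PATH"):
            f = {k: v.strip('"') for k, v in FIELD.findall(line)}
            paths[ev.group(1)].append(
                {k: f.get(k) for k in ("name", "mode", "ouid", "ogid")})
            continue
        m = AVC.search(line)
        if m and m.group(3) == "capability":
            perms = sorted(set(m.group(1).split()) & DAC_CAPS)
            if perms:
                avcs.append((ev.group(1), perms, m.group(2)))
    # Join after the full pass so PATH records may precede or follow the AVC.
    return [{"event": e, "perms": p, "comm": c, "paths": paths.get(e, [])}
            for e, p, c in avcs]


if __name__ == "__main__":
    for d in dac_denials(SAMPLE_LOG):
        objs = ", ".join(f"{p['name']} mode={p['mode']} ouid={p['ouid']} ogid={p['ogid']}"
                         for p in d["paths"])
        print(d["event"], d["comm"], d["perms"],
              objs or "no PATH record: enable full auditing and retry")
```

A denial that comes back with an empty `paths` list is the situation in the original post: the AVC alone does not name the file, so the watch rule has to be in place before the service is restarted.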
All times are GMT.