Hi Daniel,
On Thu, Jul 5, 2012 at 12:27 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> After turning on full auditing can you try it again and get the full AVC,
> including the PATH record.
On a freshly booted system, I turned on full auditing like this:
# auditctl -w /etc/shadow -p w
Then I started openafs like this:
# systemctl start openafs.service
which generated an AVC denial (output below).
# ausearch -m avc -ts recent
time->Fri Jul 6 11:20:49 2012
type=PATH msg=audit(1341566449.720:133): item=0 name="/etc/mtab"
inode=36536 dev=00:03 mode=0100444 ouid=0 ogid=0 rdev=00:00
obj=system_u:system_r:afs_t:s0
type=CWD msg=audit(1341566449.720:133): cwd="/"
type=SYSCALL msg=audit(1341566449.720:133): arch=c000003e syscall=2
success=no exit=-13 a0=42402b a1=80442 a2=1b6 a3=238 items=1 ppid=2752
pid=2753 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="afsd"
exe="/usr/sbin/afsd" subj=system_u:system_r:afs_t:s0 key=(null)
type=AVC msg=audit(1341566449.720:133): avc: denied { dac_override }
for pid=2753 comm="afsd" capability=1
scontext=system_u:system_r:afs_t:s0
tcontext=system_u:system_r:afs_t:s0 tclass=capability
Another strange thing, running systemctl status tells me "Can't open
/etc/mtab for writing (errno 13); not adding an entry for AFS", but I
see that /etc/mtab has the following line:
AFS /afs afs rw,relatime 0 0
I hope I have provided all the required information.
--
Suvayu
Open source is the future. It sets us free.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
