> -----Original Message-----
> From: fedora-selinux-list-bounces@xxxxxxxxxx
> [mailto:fedora-selinux-list-bounces@xxxxxxxxxx] On Behalf Of
> Stephen Smalley
> Unless your process has uid 0, then the latter command would
> be prevented by ordinary Linux DAC and never reaches the
> SELinux permission checks. Hence, you wouldn't see an audit
> message for it. The former command would be allowed by Linux
> DAC and thus reaches the SELinux checks (and audit).

Thanks, Stephen. Actually, I did a 'make load', rotated my logs to clear them out, and then did 'mv /etc/shadow /etc/shadow.save' as a normal user and got a long denial log message (get_attr).

Tom Browder