On Fri, 2005-05-20 at 18:24 +0300, George J. Jahchan wrote: > Followed your instructions, adding 'audit write & audit_control' at the end of > the capability section in the policy/flask/access_vectors elicits the following > error message when making the policy: That's audit_write and audit_control - two permissions, not three. > ... too many permissions to fit in an access vector. Off-by-one bug in checkpolicy, fixed after FC3, but shouldn't matter as you only need two permissions here. > Bearing in mind that the machines are live production hosts, how do you > recommend we address this (from the available choices below)? > > 1) For a limited period of time (until FC4 is released), we can live with having > to switch to permissive mode in order to start the audit daemon, and revert back > to enforcing mode after it starts. The hosts are not taken down that often. > > 2) We can upgrade to FC4 strict policy, with no assurance that it will work or > not cause other problems. > > 3) We can upgrade to pre-release FC4, again with no assurance that it will work > or will not introduce new weaknesses. I've sent (via separate email) a copy of our current policy/flask/security_classes, policy/flask/access_vectors, policy/domains/program/auditd.te, and policy/file_contexts/program/auditd.fc, so you can at least try those to see if they resolve your issue for auditd (and they shouldn't impact anything else). If that resolves your problem, then feel free to stay with FC3 until FC4 is out (schedule says June 6). -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
