On Mon, 2005-11-14 at 11:31 -0700, Craig White wrote: > audit2allow doesn't show anything concerning the dbus error. That still > is present. The above did fix the problem with connecting between httpd > -> mysql.sock so that is cool. The dbus error has been around for a > while and it doesn't seem to prevent anything that I need but would like > the education of it - so it remains. > > audit2allow doesn't have a man page so I haven't garnered much of > anything that isn't in audit2allow --help. audit2allow man page is available from: http://cvs.sourceforge.net/viewcvs.py/*checkout*/selinux/nsa/selinux-usr/policycoreutils/audit2allow/audit2allow.1 The dbus output suggests two separate problems: 1) dbusd is denying an attempt to send a message through it (this is what you see from the message= payload with the avc: denied message), which can be addressed by adding an appropriate allow rule to policy and reloading it, and 2) dbusd is encountering an error when trying to send the audit message for the above denial to the audit system (this is the "Can't send to audit system" prefix), and thus falls back to using syslog to log the audit message along with the warning. This problem may or may not be due to SELinux (e.g. SELinux might be denying permission to send the audit message to the audit system, or there may be some other error, e.g. since dbusd doesn't run as root, it might not be allowed to use the audit system anyway). -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
