>I feel is,if these messages are due to CAP_AUDIT_WRITE capability problem
>then,adding this line to policy would have fixed the problem but that was not
>happening.
>
>allow initrc_t self:capability { audit_write audit_control };
There are 2 ways that the syscall can fail, MAC checks and DAC checks. The above
line may help MAC checks, but does nothing for the DAC check. I have a patch in
rawhide that is being tested so that when dbus changes from root to the dbus
user, it retains that capability. When I'm satisfied that I haven't introduced a
new bug with that patch, I'll port it to dbus in RHEL4 - maybe U4.
>> does it fill the logs with it? If you just get a couple, all is well.
>
>These meesages sometimes fills log,and appears on execution of
>setenforce,make load and some selinux command.
There was an updated targeted policy released after U2 that should alleviate any
MAC check problems. The DAC check problem shouldn't fill your logs.
-Steve
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
