Steve G wrote:
I feel that if these messages are due to a CAP_AUDIT_WRITE capability problem,
then adding this line to the policy would have fixed the problem, but that was not
happening.
allow initrc_t self:capability { audit_write audit_control };
There are 2 ways that the syscall can fail, MAC checks and DAC checks. The above
line may help MAC checks, but does nothing for the DAC check. I have a patch in
rawhide that is being tested so that when dbus changes from root to the dbus
user, it retains that capability. When I'm satisfied that I haven't introduced a
new bug with that patch, I'll port it to dbus in RHEL4 - maybe U4.
Thank you Steve for your reply.
I heard that you already have the patch for Fedora which causes the dbus to
retain capability after changing from root to dbus user.
Can you please give that patch or send the link containing the patch so
that I will test it on my Fedora machine.
Does it fill the logs with it? If you just get a couple, all is well.
These messages sometimes fill the log, and appear on execution of
setenforce, make load and some SELinux commands.
There was an updated targeted policy released after U2 that should alleviate any
MAC check problems. The DAC check problem shouldn't fill your logs.
-Steve
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list