On 7/7/06, Ian Pilcher <i.pilcher@xxxxxxxxxxx> wrote:
> Stephen Smalley wrote:
> > Looks like the Fedora hwclock is instrumented to generate an audit
> > record, but policy doesn't yet allow it to do so. These capability
> > checks used to be silent (no auditing) since they occur on netlink recv,
> > but a recent patch has enabled SELinux to generate audit messages on the
> > netlink recv capability checks. So we can expect these types of denials
> > to show up now. Should be allowed in this case.
>
> So it's generating an audit message, because it wasn't allowed to generate
> an audit message? I've only had half a beer...
>
> --
> ========================================================================
> Ian Pilcher                                        i.pilcher@xxxxxxxxxxx
> ========================================================================

A slight side question: hwclock seems to be producing audit messages either before or after auditd has started/exited. I see a message on shutdown, but it appears not to be logged anywhere. Does that meet auditing requirements?

tom
--
Tom London