On Fri, 2006-07-07 at 18:06 -0500, Ian Pilcher wrote: > Stephen Smalley wrote: > > Looks like the Fedora hwclock is instrumented to generate an audit > > record, but policy doesn't yet allow it to do so. These capability > > checks used to be silent (no auditing) since they occur on netlink recv, > > but a recent patch has enabled SELinux to generate audit messages on the > > netlink recv capability checks. So we can expect these types of denials > > to show up now. Should be allowed in this case. > > So it's generating an audit message, because it wasn't allowed to > generate an audit message? No, the kernel is generating an audit message about a permission denial on hwclock's attempt to generate its own user audit message (with its own content, which could be arbitary). -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
