On Mon, 2006-07-10 at 08:05 -0700, Tom London wrote:
> On 7/7/06, Ian Pilcher <i.pilcher@xxxxxxxxxxx> wrote:
> > Stephen Smalley wrote:
> > > Looks like the Fedora hwclock is instrumented to generate an audit
> > > record, but policy doesn't yet allow it to do so. These capability
> > > checks used to be silent (no auditing) since they occur on netlink recv,
> > > but a recent patch has enabled SELinux to generate audit messages on the
> > > netlink recv capability checks. So we can expect these types of denials
> > > to show up now. Should be allowed in this case.
> >
> > So it's generating an audit message, because it wasn't allowed to
> > generate an audit message?
> >
> > I've only had half a beer...
> >
> > --
> > ========================================================================
> > Ian Pilcher i.pilcher@xxxxxxxxxxx
> > ========================================================================
> >
> A slight side question:
>
> hwclock seems to be producing audit messages either before or after
> auditd has started/exited. I see a message on shutdown, but it appears
> not to be logged anywhere.
>
> Does that meet auditing requirements?

Something to ask over on linux-audit, not here.

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list