Re: Latest kernel (2356), avc's on hwclock

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2006-07-10 at 08:05 -0700, Tom London wrote:
> On 7/7/06, Ian Pilcher <i.pilcher@xxxxxxxxxxx> wrote:
> > Stephen Smalley wrote:
> > > Looks like the Fedora hwclock is instrumented to generate an audit
> > > record, but policy doesn't yet allow it to do so.  These capability
> > > checks used to be silent (no auditing) since they occur on netlink recv,
> > > but a recent patch has enabled SELinux to generate audit messages on the
> > > netlink recv capability checks.  So we can expect these types of denials
> > > to show up now.  Should be allowed in this case.
> >
> > So it's generating an audit message, because it wasn't allowed to
> > generate an audit message?
> >
> > I've only had half a beer...
> >
> > --
> > ========================================================================
> > Ian Pilcher                                        i.pilcher@xxxxxxxxxxx
> > ========================================================================
> >
> A slight side question:
> 
> hwclock seems to be producing audit messages either before or after
> auditd has started/exited. I see a message on shutdown, but it appears
> not to be logged anywhere.
> 
> Does that meet auditing requirements?

Something to ask over on linux-audit, not here.

-- 
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux