On Thu, 2006-07-13 at 07:16 -0700, Tom London wrote:
> Running selinux-policy-2.3.2-1 targeted/permissive.
>
> Doing my usual 'yum update' of yesterday's rawhide (including
> selinux-policy-2.3.2-2), I noticed this in the audit log:
>
> type=AVC msg=audit(1152799768.153:34): avc: denied { audit_write }
> for pid=3084 comm="useradd" capability=29
> scontext=user_u:system_r:useradd_t:s0
> tcontext=user_u:system_r:useradd_t:s0 tclass=capability
> type=USER_CHAUTHTOK msg=audit(1152799768.153:35): user pid=3084 uid=0
> auid=500 subj=user_u:system_r:useradd_t:s0 msg='op=adding user
> acct=dbus exe="/usr/sbin/useradd" (hostname=?, addr=?, terminal=pts/0
> res=failed)'
> type=SYSCALL msg=audit(1152799768.153:34): arch=40000003 syscall=102
> success=yes exit=116 a0=b a1=bf95a240 a2=6ecff4 a3=bf96068e items=0
> ppid=3083 pid=3084 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=pts0 comm="useradd" exe="/usr/sbin/useradd"
> subj=user_u:system_r:useradd_t:s0 key=(null)
> type=SOCKADDR msg=audit(1152799768.153:34): saddr=100000000000000000000000
> type=SOCKETCALL msg=audit(1152799768.153:34): nargs=6 a0=3 a1=bf95e4dc
> a2=74 a3=0 a4=bf95a270 a5=c

Yes, another program instrumented for audit generation needs that
capability.  Why wasn't this taken care of when these programs were
originally instrumented for audit?  (We are only now getting audit
denials due to the netlink capability checking patch that went into
recent kernels, but this would have been getting denied all along, so I
would have expected it to show up in testing.)

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
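As an added example (not code from this thread, nor from the SELinux policy or audit projects), here is a small Python script that reads the records Tom posted, groups them by the audit serial number so the AVC and SYSCALL records of event 34 are seen together, cross-checks the numeric capability=29 against the audit_write permission name, and writes out the allow rule the useradd_t domain would need. The capability table is the standard Linux numbering from capability.h (SELinux's capability-class permissions are those names lower-cased without the CAP_ prefix); the sample records are the posted ones re-joined onto single lines, since the mail wrapped them.

```python
import re

# Linux capability numbers in order (include/uapi/linux/capability.h).
# SELinux names the permissions of its "capability" object class after these,
# lower-cased and without the CAP_ prefix, so capability=29 should pair with
# the "audit_write" permission in the same AVC record.
CAPABILITY_NAMES = [
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap",
]

# The records from the posted log, re-joined onto one line each (the mail wrapped them).
SAMPLE_LOG = """
type=AVC msg=audit(1152799768.153:34): avc: denied { audit_write } for pid=3084 comm="useradd" capability=29 scontext=user_u:system_r:useradd_t:s0 tcontext=user_u:system_r:useradd_t:s0 tclass=capability
type=USER_CHAUTHTOK msg=audit(1152799768.153:35): user pid=3084 uid=0 auid=500 subj=user_u:system_r:useradd_t:s0 msg='op=adding user acct=dbus exe="/usr/sbin/useradd" (hostname=?, addr=?, terminal=pts/0 res=failed)'
type=SYSCALL msg=audit(1152799768.153:34): arch=40000003 syscall=102 success=yes exit=116 a0=b a1=bf95a240 a2=6ecff4 a3=bf96068e items=0 ppid=3083 pid=3084 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="useradd" exe="/usr/sbin/useradd" subj=user_u:system_r:useradd_t:s0 key=(null)
type=SOCKADDR msg=audit(1152799768.153:34): saddr=100000000000000000000000
type=SOCKETCALL msg=audit(1152799768.153:34): nargs=6 a0=3 a1=bf95e4dc a2=74 a3=0 a4=bf95a270 a5=c
"""

HEADER_RE = re.compile(r"^type=(?P<type>\w+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):")
AVC_RE = re.compile(r"avc:\s+(?P<decision>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one audit record into type, serial and key=value fields (None if not a record)."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    rec = {"type": m.group("type"), "serial": int(m.group("serial")), "fields": {}}
    body = line[m.end():]
    avc = AVC_RE.search(body)
    if avc:
        rec["decision"] = avc.group("decision")
        rec["perms"] = avc.group("perms").split()
        body = body[avc.end():]
    for key, value in FIELD_RE.findall(body):
        rec["fields"][key] = value.strip('"')
    return rec


def context_type(context):
    """'user_u:system_r:useradd_t:s0' -> 'useradd_t'."""
    return context.split(":")[2]


def check_capability(rec):
    """Cross-check the numeric capability in an AVC record against its permission name."""
    number = int(rec["fields"]["capability"])
    name = CAPABILITY_NAMES[number] if number < len(CAPABILITY_NAMES) else None
    return {"number": number, "name": name,
            "consistent": name is not None and name in rec["perms"]}


def suggest_allow(rec):
    """Write the allow rule that would permit exactly what this AVC record denied."""
    src = context_type(rec["fields"]["scontext"])
    tgt = context_type(rec["fields"]["tcontext"])
    target = "self" if src == tgt else tgt
    perms = rec["perms"][0] if len(rec["perms"]) == 1 else "{ %s }" % " ".join(rec["perms"])
    return "allow %s %s:%s %s;" % (src, target, rec["fields"]["tclass"], perms)


def analyze(log_text):
    """Group records by serial number and report each denial together with its syscall outcome."""
    events = {}
    for line in log_text.strip().splitlines():
        rec = parse_record(line.strip())
        if rec:
            events.setdefault(rec["serial"], []).append(rec)
    findings = []
    for serial, recs in sorted(events.items()):
        syscalls = [r for r in recs if r["type"] == "SYSCALL"]
        for rec in recs:
            if rec["type"] != "AVC" or rec.get("decision") != "denied":
                continue
            finding = {
                "serial": serial,
                "comm": rec["fields"].get("comm"),
                "rule": suggest_allow(rec),
                # A denied AVC whose SYSCALL record still says success=yes is what
                # permissive mode looks like: the denial is logged, not enforced.
                "syscall_succeeded": any(s["fields"].get("success") == "yes" for s in syscalls),
            }
            if rec["fields"].get("tclass") == "capability":
                finding["capability"] = check_capability(rec)
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

For event 34 the script emits `allow useradd_t self:capability audit_write;`, which is exactly the access Stephen's reply says an audit-instrumented program legitimately needs, and reports the capability number and permission name as consistent. The `syscall_succeeded` flag comes out true because Tom was running permissive, so the SYSCALL record shows success=yes even though the AVC was denied; in enforcing mode the same denial would have shown as a failed syscall.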