-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gene Heskett wrote: > Greetings; > > Running selinux in permissive mode, the /var/log/audit/audit.log was filling > up with squawks re cron jobs. Seeing an example on how to run audit2allow, I > thought I'd try it to see if that would shut the muttering up. > > [root@coyote ~]# audit2allow -M local -i /var/log/audit/audit.log > compilation failed: > (unknown source)::ERROR 'syntax error' at token '' on line 6: > > > /usr/bin/checkmodule: error(s) encountered while parsing configuration > /usr/bin/checkmodule: loading policy configuration from local.te > > I can't see anything different about line 6 of the log, but here is a head of > that file: > > type=USER_ACCT msg=audit(1193734801.287:27922): user pid=11880 uid=0 > auid=4294967295 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" > (hostname=?, addr=?, terminal=cron res=success)' > type=CRED_ACQ msg=audit(1193734801.288:27923): user pid=11880 uid=0 > auid=4294967295 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" > (hostname=?, addr=?, terminal=cron res=success)' > type=USER_START msg=audit(1193734801.288:27924): user pid=11880 uid=0 > auid=4294967295 msg='PAM: session open acct=root : exe="/usr/sbin/crond" > (hostname=?, addr=?, terminal=cron res=success)' > type=CRED_DISP msg=audit(1193734801.312:27925): user pid=11880 uid=0 > auid=4294967295 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" > (hostname=?, addr=?, terminal=cron res=success)' > type=USER_END msg=audit(1193734801.312:27926): user pid=11880 uid=0 > auid=4294967295 msg='PAM: session close acct=root : exe="/usr/sbin/crond" > (hostname=?, addr=?, terminal=cron res=success)' > type=USER_ACCT msg=audit(1193734861.316:27927): user pid=11969 uid=0 > auid=4294967295 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" > (hostname=?, addr=?, terminal=cron res=success)' > type=CRED_ACQ msg=audit(1193734861.316:27928): user pid=11969 uid=0 > auid=4294967295 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" > (hostname=?, addr=?, terminal=cron res=success)' > > > contents of local.te: > ------ > module local 1.0; > > > > EOF > ------ > > The example command line shown above is I assume is correct, is it not? > Those are not avc messages. They are standard audit messages generated by the audit system. So since audit2allow did not find any avc messages it is failing. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFHOyXYrlYvE4MpobMRAkoyAKDMPonZj157sHtxdG4pXjo006bPzQCgiDd4 uanVb4jYUbkBkjv+mHjvSJI= =89cl -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
