Re: How do I figure out on what file dac_override is attempted?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2010-01-20 at 15:49 -0500, Daniel J Walsh wrote:
> On 01/20/2010 02:50 PM, Stephen Smalley wrote:
> > type=PATH msg=audit(01/20/2010 14:43:20.785:41253) : item=0 name=./capable_file/temp_file inode=841249 dev=fd:00 mode=file,644 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:test_file_t:s0 
> 
> Why does path begin with a ./capable_file/temp_file?

Because the audit system is collecting the pathname string that was
passed to the system call, and that pathname was a relative path.  But
note the CWD record which enables you to deduce the absolute path.

-- 
Stephen Smalley
National Security Agency

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux