-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/04/2010 02:07 PM, Mr Dash Four wrote: > >> You have some file that has ownereship such that root can not access the >> file via permissions. >> >> You need to turn on full auditing to get the path of the offending file. >> >> Execute >> >> auditctl -w /etc/shadow -p w >> >> And see if you can generate the error again. Then you should get a path >> with the next avc message. >> > As far as I know, for this to work I would need to have auditd running, > isn't that the case? As I pointed in my initial post, auditd cannot start! > > OK, I can force permissive mode, then start auditd, switch back to > enforced mode and then execute auditctl. Then, may be, I could find the > offending path/files causing the issues with the other programs I have > listed in my logs, but how do I deal with the auditd itself? auditctl > requires auditd to be running in order to show the paths, isn't that not > the case? > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux I would boot the machine in permissive mode and with the audit flag set. You should still get the audit messages and the PATH message. Most likely this is a file in /etc/ Likely candidates would be something like resolv.conf, services hosts. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxZt7QACgkQrlYvE4MpobPQwACgmHdnWJVZf6ukCbEmIA7gVwRa 8LYAn28LRvb5z9Acl3VFZLcb6/W3rAT3 =LCjZ -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
