Re: dac_override and dac_read_search ... again!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/04/2010 02:07 PM, Mr Dash Four wrote:
> 
>> You have some file that has ownereship such that root can not access the
>> file via permissions.
>>
>> You need to turn on full auditing to get the path of the offending file.
>>
>> Execute
>>
>> auditctl -w /etc/shadow -p w
>>
>> And see if you can generate the error again.  Then you should get a path
>> with the next avc message.
>>   
> As far as I know, for this to work I would need to have auditd running, 
> isn't that the case? As I pointed in my initial post, auditd cannot start!
> 
> OK, I can force permissive mode, then start auditd, switch back to 
> enforced mode and then execute auditctl. Then, may be, I could find the 
> offending path/files causing the issues with the other programs I have 
> listed in my logs, but how do I deal with the auditd itself? auditctl 
> requires auditd to be running in order to show the paths, isn't that not 
> the case?
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
I would boot the machine in permissive mode and with the audit flag set.
 You should still get the audit messages and the PATH message.

Most likely this is a file in /etc/  Likely candidates would be
something like resolv.conf, services hosts.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxZt7QACgkQrlYvE4MpobPQwACgmHdnWJVZf6ukCbEmIA7gVwRa
8LYAn28LRvb5z9Acl3VFZLcb6/W3rAT3
=LCjZ
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux