On 04/01/2012 09:12 AM, Frank Murphy wrote:
> Currently auditd fails to start on a particular guest.
>
> service auditd restart
> Redirecting to /bin/systemctl restart auditd.service
> [ 199.986682] type=1400 audit(1333285442.114:6): avc: denied { dac_override } for pid=1409 comm="auditd" capability=1 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=capability
> [ 199.988842] type=1400 audit(1333285442.116:7): avc: denied { dac_read_search } for pid=1409 comm="auditd" capability=2 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=capability
> Job failed. See system logs and 'systemctl status' for details.
>
> systemctl status auditd.service gives nothing extra to above.

dac_override and dac_read_search almost always mean you have a file with the wrong ownership/permissions on it. This indicates you have a root process that does not have read or write access to a file based on permissions.

The way to find the object that auditd is not being allowed to access is to turn on full auditing. For example, execute

    auditctl -w /etc/shadow

Then start the audit service and see if you get an avc including the PATH record. You may need to do this in permissive role, or run auditd in permissive:

    semanage permissive -a auditd_t

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
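An added example, not part of the original message: once a watch rule is loaded, the AVC denial and the PATH record for the same syscall share one event ID inside `audit(timestamp:serial)`, so the file behind a `dac_override` / `dac_read_search` denial can be found by joining on that ID. The function name and every log line below are constructed for illustration; the paths, owners and modes are assumptions, not the cause of the reported failure.

```python
import re
from collections import defaultdict

# Constructed sample (not from the original report): event 6 is in the kernel-log
# form seen when auditd is down, event 9 in audit.log form, event 7 is unrelated.
SAMPLE_LOG = '''\
[  199.98] type=1400 audit(1700000000.114:6): avc:  denied  { dac_override } for  pid=1409 comm="auditd" capability=1 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=capability
[  199.98] type=1300 audit(1700000000.114:6): arch=c000003e syscall=2 success=no exit=-13 pid=1409 uid=0 comm="auditd" exe="/sbin/auditd"
[  199.98] type=1302 audit(1700000000.114:6): item=0 name="/var/log/audit/audit.log" inode=1234 dev=fd:01 mode=0100400 ouid=1000 ogid=1000
type=AVC msg=audit(1700000000.200:7): avc:  denied  { read } for  pid=1500 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=PATH msg=audit(1700000000.200:7): item=0 name="/home/u/index.html" inode=99 dev=fd:01 mode=0100644 ouid=1000 ogid=1000
type=AVC msg=audit(1700000000.300:9): avc:  denied  { dac_read_search } for  pid=1409 comm="auditd" capability=2 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=capability
type=PATH msg=audit(1700000000.300:9): item=0 name="/etc/audit/auditd.conf" inode=77 dev=fd:01 mode=0100600 ouid=1000 ogid=1000
'''

EVENT_ID = re.compile(r"audit\((\d+\.\d+:\d+)\)")
RECORD_TYPE = re.compile(r"\btype=(\S+)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"denied\s+\{([^}]*)\}")
NUMERIC_TYPES = {"1400": "AVC", "1302": "PATH"}  # kernel-log record type numbers
DAC_CAPS = {"dac_override", "dac_read_search"}

def dac_denial_paths(log_text):
    """List PATH records that share an event ID with a DAC capability denial."""
    events = defaultdict(lambda: {"caps": set(), "comm": None, "paths": []})
    for line in log_text.splitlines():
        m_id, m_type = EVENT_ID.search(line), RECORD_TYPE.search(line)
        if not (m_id and m_type):
            continue  # not an audit record
        rtype = NUMERIC_TYPES.get(m_type.group(1), m_type.group(1))
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        event = events[m_id.group(1)]
        m_perm = PERMS.search(line)
        if rtype == "AVC" and m_perm:
            event["caps"] |= DAC_CAPS & set(m_perm.group(1).split())
            event["comm"] = fields.get("comm")
        elif rtype == "PATH":
            event["paths"].append(fields)
    return [
        {"event": eid, "comm": ev["comm"], "caps": sorted(ev["caps"]),
         "path": p.get("name"), "mode": p.get("mode", "")[-4:],
         "ouid": p.get("ouid"), "ogid": p.get("ogid")}
        for eid, ev in events.items() if ev["caps"] for p in ev["paths"]
    ]

if __name__ == "__main__":
    for hit in dac_denial_paths(SAMPLE_LOG):
        print(hit)
```

Each result pairs the denied capability with the path, permission bits and owner of the file involved, which is what has to be compared against the expected ownership.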