Alan J. Gagne wrote:
Based on audit2allow I added the following to the audit policy
temporarily ( allow ifconfig_t usr_t:lnk_file read; ) so I could
start the agent both with and without these errors.
Checking the agents log and trace files showed no difference between the
two. It looks like the process completes successfully either way.
Do you have any recommendations for dontaudit I can try ?
Alan
Change
allow ifconfig_t usr_t:lnk_file read;
to
dontaudit ifconfig_t usr_t:lnk_file read;
This way a hacker could not trick ifconfig to follow a symlink under /usr.
Dan
--