On Saturday, 13 April 2019 1:26:06 PM AEST Sugar, David wrote: > On 4/12/19 10:33 PM, Russell Coker wrote: > > What is netlink_kobject_uevent_socket? Do we have a place we can document > > this sort of thing to make it easier to determine whether access is > > required and what the implications of such access are? > > I'm really not sure either. But, please note, that this patch is > dontaudit rules to quiet some denials that didn't seem to have any > negative side effect. If this patch isn't applied things will still > function, just have some entries in the audit logs. There's a good chance the action in question isn't an accident and some aspect of the program's functionality will be changed. I think it's best to have an idea of what the issue was before putting in a dontaudit rule, if some configuration of that program actually needs such functionality then a dontaudit will make it inconvenient to track it down. Have you tried running strace or ltrace to see what it's doing? -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/
