On Sat, Apr 13, 2019 at 02:24:25PM +1000, Russell Coker wrote: > On Saturday, 13 April 2019 1:26:06 PM AEST Sugar, David wrote: > > On 4/12/19 10:33 PM, Russell Coker wrote: > > > What is netlink_kobject_uevent_socket? Do we have a place we can document > > > this sort of thing to make it easier to determine whether access is > > > required and what the implications of such access are? > > > > I'm really not sure either. But, please note, that this patch is > > dontaudit rules to quiet some denials that didn't seem to have any > > negative side effect. If this patch isn't applied things will still > > function, just have some entries in the audit logs. > > There's a good chance the action in question isn't an accident and some aspect > of the program's functionality will be changed. I think it's best to have an > idea of what the issue was before putting in a dontaudit rule, if some > configuration of that program actually needs such functionality then a > dontaudit will make it inconvenient to track it down. > > Have you tried running strace or ltrace to see what it's doing? I agree that this probably shouldnt be dontaudited. This is a common pattern for "udev clients" The kobject_uevent socket aspect is probably to monitor devices (equivalent to `udevadm monitor`) > > -- > My Main Blog http://etbe.coker.com.au/ > My Documents Blog http://doc.coker.com.au/ > -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift
Attachment:
signature.asc
Description: PGP signature
