I'm running RHEL 5.1 with the mls policy. I'm getting an avc denial that I can't get past. Here are the entries from the audit log:

type=AVC msg=audit(1197658847.835:9499): avc: denied { create } for pid=20432 comm="touch" name="tmp.log" scontext=sysadm_u:sysadm_r:sysadm_t:s0-s4:c0.c255 tcontext=sysadm_u:object_r:audit_log_t:s0-s4:c0.c255 tclass=file
type=SYSCALL msg=audit(1197658847.835:9499): arch=c000003e syscall=2 success=no exit=-13 a0=7fff74eceb5c a1=941 a2=1b6 a3=328dd4b0ac items=0 ppid=12410 pid=20432 auid=11000 uid=11000 gid=4500 euid=11000 suid=11000 fsuid=11000 egid=4500 sgid=4500 fsgid=4500 tty=pts3 comm="touch" exe="/bin/touch" subj=sysadm_u:sysadm_r:sysadm_t:s0-s4:c0.c255 key=(null)

Here is what audit2allow returns:

#============= sysadm_t ==============
# src="sysadm_t" tgt="audit_log_t" class="file", perms="create"
# comm="touch" exe="" path=""
allow sysadm_t audit_log_t:file create;

I have entered that exact allow rule into my policy to no effect. Audit2why indicates that the reason for the above audit log avc denial is a missing allow rule, as opposed to a constraint problem.

Any help would be greatly appreciated.

Thanks