Hi,

Lately dbus has taken to sending this again:

    localhost dbus: Can't send to audit system: USER_AVC avc: received policyload notice (seqno=2) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)

This is clearly not an AVC - which is an access control decision. This is a policy load - something entirely different. The audit system wants to have 1 type = 1 meaning. We need to be able to differentiate information flow decisions from everything else.

I will be releasing an update to the audit system this week. I can add USER_MAC_POLICY_LOAD type to libaudit.h if that would help solve the problem.

This does beg the question, though, do we really want these events being recorded? If so, I think we should use an appropriate type and not USER_AVC.

Thanks,
-Steve
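Added example, not part of the message above: a log-triage sketch showing why consumers of USER_AVC records currently have to inspect the message body to separate access decisions from policy-load notices. The first sample line is the one quoted in the message; the second is a constructed denial, and the function names and result keys are assumptions of this example.

```python
import re
from collections import Counter

# Sample input. Line 1 is the record quoted in the message; line 2 is a
# constructed userspace AVC denial (types and D-Bus names are made up).
SAMPLE = [
    'localhost dbus: Can\'t send to audit system: USER_AVC avc: received '
    'policyload notice (seqno=2) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)',
    'localhost dbus: Can\'t send to audit system: USER_AVC avc:  denied  '
    '{ send_msg } for msgtype=method_call dest=org.example.Service '
    'scontext=system_u:system_r:example_t:s0 tcontext=system_u:system_r:other_t:s0 '
    'tclass=dbus : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)',
]

USER_AVC = re.compile(r'\bUSER_AVC\b\s+avc:\s+(?P<body>.*)')
DECISION = re.compile(r'^(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}')
POLICYLOAD = re.compile(r'^received policyload notice \(seqno=\d+\)')
FIELDS = re.compile(r'(\w+)=("[^"]*"|[^\s,)]+)')

def classify(line):
    """Return a dict describing a USER_AVC record, or None for other lines."""
    m = USER_AVC.search(line)
    if not m:
        return None
    body = m.group('body')
    # key=value pairs appear in both record shapes (seqno, sauid, tclass, ...)
    fields = {k: v.strip('"') for k, v in FIELDS.findall(body)}
    d = DECISION.match(body)
    if d:
        # A real access control decision: carries a result and a permission set.
        return {'kind': 'access_decision', 'result': d.group('result'),
                'perms': d.group('perms').split(), **fields}
    if POLICYLOAD.match(body):
        # Same record type, different meaning: a policy reload notification.
        return {'kind': 'policy_load', **fields}
    return {'kind': 'other', **fields}

def summarize(lines):
    """Count USER_AVC records by what they actually mean."""
    return Counter(r['kind'] for r in map(classify, lines) if r)

if __name__ == '__main__':
    for kind, count in summarize(SAMPLE).items():
        print(kind, count)
```
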