On Mon, Jun 9, 2008 at 4:32 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
>
> On Mon, 2008-06-09 at 16:15 +0000, Justin Mattock wrote:
>> On Mon, Jun 9, 2008 at 1:28 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
>> >
>> > On Sun, 2008-06-08 at 08:43 +0000, Justin Mattock wrote:
>> >> Hello; why do I receive this: No AVC messages found when I audit2allow -d when
>> >> I have this under dmesg:
>> >> [ 8395.499759] type=1701 audit(1212909990.108:3): auid=4294967295
>> >> uid=1000 gid=1000 ses=4294967295 subj=a-12:sysadm_r:sysadm_t pid=3389
>> >> comm="aterm" sig=6
>> >>
>> >> the only action that I took was "uptime" in a terminal, could this be it?
>> >> should I have seen the definition uptime in the AVC? e.g. /usr/sbin or /*/*
>> >> or is this something diff.
>> >> regards;
>> >
>> > Not all audit messages are AVC messages.
>> >
>> > --
>> > Stephen Smalley
>> > National Security Agency
>> >
>> >
>>
>> Hello; What might have caused this message to be triggered.
>> just so I get a better idea.
>> regards;
>
> Use /sbin/ausearch -i to interpret the audit messages in a more readable
> form. And ask questions about audit not related to selinux on
> linux-audit@xxxxxxxxxx list after subscribing there.
>
> In this case, type=1701 corresponds to AUDIT_ANON_ABEND in
> include/linux/audit.h, which means a process died abnormally.
>
> --
> Stephen Smalley
> National Security Agency
>
>

Alright; thanks for the info, If I see anything interesting with SELinux
I'll let you guys know, and then with any audit related stuff I'll inform
linux-audit.
regards;

--
Justin P. Mattock
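As an added example (not part of the thread and not code from the audit or SELinux projects), this Python code parses kernel audit lines as they appear in dmesg and separates AVC records (type 1400) from other record types such as 1701, which is why audit2allow reported no AVC messages for the record quoted above. The type numbers are from include/linux/audit.h, where 1701 is spelled AUDIT_ANOM_ABEND; the function names and the second sample line are constructed for illustration.

```python
import re
import signal

# Record type numbers from include/linux/audit.h (small subset).
AUDIT_AVC = 1400          # SELinux AVC decision: what audit2allow consumes
AUDIT_ANOM_ABEND = 1701   # process ended abnormally
NAMES = {AUDIT_AVC: "AVC", AUDIT_ANOM_ABEND: "ANOM_ABEND"}
UNSET = "4294967295"      # (unsigned)-1: login uid / session never set
SIGNAMES = {s.value: s.name for s in signal.Signals}

RECORD = re.compile(r"type=(\d+) audit\([\d.]+:\d+\): (.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Return a dict for one kernel audit line, or None if it is not one."""
    m = RECORD.search(line)
    if m is None:
        return None
    rtype = int(m.group(1))
    fields = {k: v.strip('"') for k, v in FIELD.findall(m.group(2))}
    return {"type": rtype, "name": NAMES.get(rtype, "UNKNOWN[%d]" % rtype), "fields": fields}

def describe(rec):
    """One-line reading of a record, in the spirit of `ausearch -i`."""
    f = rec["fields"]
    if rec["type"] == AUDIT_ANOM_ABEND:
        sig = SIGNAMES.get(int(f.get("sig", 0)), "unknown signal")
        auid = "unset" if f.get("auid") == UNSET else f.get("auid", "?")
        return "%s (pid %s, %s) died on %s; auid %s; not an SELinux denial" % (
            f.get("comm", "?"), f.get("pid", "?"), f.get("subj", "?"), sig, auid)
    if rec["type"] == AUDIT_AVC:
        return "AVC record for %s: input for audit2allow" % f.get("comm", "?")
    return "%s record: not an AVC message" % rec["name"]

def avc_only(lines):
    """The records audit2allow would act on; everything else is skipped."""
    return [r for r in map(parse, lines) if r and r["type"] == AUDIT_AVC]

# First entry: the record from the thread, unwrapped. Second: constructed.
SAMPLE = [
    '[ 8395.499759] type=1701 audit(1212909990.108:3): auid=4294967295 uid=1000 '
    'gid=1000 ses=4294967295 subj=a-12:sysadm_r:sysadm_t pid=3389 comm="aterm" sig=6',
    '[ 8401.000000] type=1400 audit(1212909995.500:4): avc:  denied  { read } for '
    'pid=3400 comm="example" scontext=a-12:sysadm_r:sysadm_t tclass=file',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(describe(parse(line)))
```

Signal 6 in the thread's record resolves to SIGABRT, so the aterm process aborted itself; no SELinux decision was involved in that record.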