setroubleshoot problems with MLS policy in enforcing mode

Hi,

I'm having some issues with enforcing mode for the MLS policy. I've
been able to get around a few issues by simply feeding AVCs through
audit2allow, but this is an MLS range issue, so I think something else
is needed...  Here is the AVC:

type=AVC msg=audit(1219865658.259:224923): avc:  denied  { write } for  pid=1332 comm="audispd" path="socket:[7463]" dev=sockfs ino=7463 scontext=system_u:system_r:audisp_t:s15:c0.c1023 tcontext=system_u:system_r:audisp_t:s0-s15:c0.c1023 tclass=unix_stream_socket

This message is repeated quite frequently, driving the load up and
filling the log file. The audispd processing is running at SystemHigh,
and I haven't found a way to kill it without dropping to permissive
mode. (Any suggestions on that appreciated as well.. "newrole -r
sysadm_t; newrole -l s15; kill 1332" didn't work..)

I'm wondering if audisp/setroubleshoot are needed for auditing to work,
or if they are helps for X applications, in which case they aren't
needed at all, since X doesn't run in MLS enforcing.


-- 
Robert Story
SPARTA
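
A way to confirm that a denial like the one quoted above comes from the MLS range rather than from type enforcement, as an added example that is not part of the original message. It assumes the default s<N>/c<N> level naming and a simplified "no write-down" reading (write expects the source low level to equal the target low level), not the exact mlsconstrain rules of the loaded policy; all function names are hypothetical.

```python
import re

# Constructed input: the AVC record quoted in the message above.
AVC = ('type=AVC msg=audit(1219865658.259:224923): avc:  denied  { write } for  '
       'pid=1332 comm="audispd" path="socket:[7463]" dev=sockfs ino=7463 '
       'scontext=system_u:system_r:audisp_t:s15:c0.c1023 '
       'tcontext=system_u:system_r:audisp_t:s0-s15:c0.c1023 '
       'tclass=unix_stream_socket')

def parse_level(text):
    """'s15:c0.c1023' -> (15, frozenset of category numbers)."""
    sens, _, cats = text.partition(':')
    members = set()
    for item in filter(None, cats.split(',')):
        lo, _, hi = item.partition('.')      # 'c0.c1023' is an inclusive run
        members.update(range(int(lo[1:]), int((hi or lo)[1:]) + 1))
    return int(sens[1:]), frozenset(members)

def parse_range(context):
    """Return (low, high) levels from user:role:type:low[-high]."""
    mls = context.split(':', 3)[3]
    low, _, high = mls.partition('-')
    return parse_level(low), parse_level(high or low)

def dominates(a, b):
    # a dominates b: sensitivity at least as high and categories a superset
    return a[0] >= b[0] and a[1] >= b[1]

def relation(a, b):
    if a == b:
        return 'eq'
    if dominates(a, b):
        return 'dom'
    return 'domby' if dominates(b, a) else 'incomp'

def explain(record):
    """Compare source (l1-h1) and target (l2-h2) MLS ranges of one AVC."""
    fields = dict(re.findall(r'(\w+)=(\S+)', record))
    perms = re.search(r'\{ ([^}]*) \}', record).group(1).split()
    (l1, h1) = parse_range(fields['scontext'])
    (l2, h2) = parse_range(fields['tcontext'])
    return {'perms': perms, 'tclass': fields['tclass'],
            'same_type': fields['scontext'].split(':')[2] == fields['tcontext'].split(':')[2],
            'l1_vs_l2': relation(l1, l2), 'h1_vs_h2': relation(h1, h2),
            # Assumed simplified rule: a write where l1 strictly dominates l2
            'write_down': 'write' in perms and relation(l1, l2) == 'dom'}

if __name__ == '__main__':
    print(explain(AVC))
```

For this record the source and target types are identical and the high levels match, but the source low level (s15:c0.c1023) strictly dominates the target low level (s0), which is why adding type-enforcement allow rules via audit2allow does not clear it.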
