On Mon, 24 Aug 2009, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> >>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503252
> >>
> >> audit2allow -l is looking for the load_policy message which does not go
> >> to the dmesg, /var/log/messages. Therefore the tool has no idea when
> >> policy was last loaded.
> >
> > That would be a kernel bug then.
>
> Well I believe the messages that are intercepted by the audit.log do not go
> into dmesg, by design. Although Steve, James or Eric could probably say for
> sure.

When auditd is not running on a Debian system with CentOS kernel 2.6.18-92.1.13.el5xen or Debian/Lenny kernel 2.6.26-2-xen-686 then nothing goes to the kernel message log which is interpreted by audit2allow as a candidate for the "-l" functionality.

It's OK if all the AVC messages go to the audit log and "dmesg|audit2allow -l" gives no output. But if all AVC messages other than the load_policy message go to the kernel message log then it's a bug.

--
russell@xxxxxxxxxxxx
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog