On Fri, 2010-02-19 at 16:53 -0500, Alan Rouse wrote: > Stephen wrote: > > Can you move aside the audit.log, add the line below to the > > end of /etc/audit/audit.rules, reboot, and then send the new > > audit.log? > > > > -a exit,always -S chroot > > See attached Hmm...still no PATH or SYSCALL records. auditctl -s reports what? auditctl -l reports what? The first few denials indicate that you don't have polkit policy defined, so the daemon and the files are not in the right security context. You likely just need a newer upstream policy for that. dbusd denials indicate that your policy lacks rules to allow dbusd to read the /proc/pid/cmdline of other domains. That is also present in current upstream refpolicy. So it may make sense to retry upstream refpolicy now. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
