Hello List,
I'm dealing with some strange occurrences in my audit log and was wondering if anyone could shed some light.
First off, "/sbin/setfiles" ran for no apparent reason. I didn't run the command, wasn't applying any new SELinux policies, or in any way interacting with the system. I looked back through the logs and there were no other occurrences of this happening other than twice yesterday. Example:
linux-audit type=SYSCALL msg=audit(1424298673.524:35003): arch=c000003e syscall=59 success=yes exit=0 a0=23fcc10 a1=2892c10 a2=7fffbfbdac58 a3=7473616d5f6e6f69 items=0 ppid=728 pid=757 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3490 comm="restorecon" exe="/sbin/setfiles" subj=unconfined_u:system_r:setfiles_t:s0 key=(null)
Secondly, I have a bunch of SELinux denied messages, such as:
linux-audit type=AVC msg=audit(1424298673.524:35003): avc: denied { read write } for pid=757 comm="restorecon" path="[eventfd]" dev=anon_inodefs ino=3791 scontext=unconfined_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file
The inodes for these SELinux denied events trace back to:
/sys/devices/virtual/block/ram10/trace/end_lba
/sys/devices/virtual/block/ram10/queue/max_segments
I am completely stumped and would appreciate any help.
Thanks,
Mark
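
Both records quoted in the message carry the same audit event ID (1424298673.524:35003), so the AVC denial can be joined to the SYSCALL record of the process that triggered it. The following is an added example, not part of the original post; the function names are illustrative.

```python
import re
from collections import defaultdict

# The two records quoted in the post, copied verbatim.
SAMPLE = [
    'linux-audit type=SYSCALL msg=audit(1424298673.524:35003): arch=c000003e '
    'syscall=59 success=yes exit=0 a0=23fcc10 a1=2892c10 a2=7fffbfbdac58 '
    'a3=7473616d5f6e6f69 items=0 ppid=728 pid=757 auid=0 uid=0 gid=0 euid=0 '
    'suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3490 '
    'comm="restorecon" exe="/sbin/setfiles" '
    'subj=unconfined_u:system_r:setfiles_t:s0 key=(null)',
    'linux-audit type=AVC msg=audit(1424298673.524:35003): avc: denied '
    '{ read write } for pid=757 comm="restorecon" path="[eventfd]" '
    'dev=anon_inodefs ino=3791 scontext=unconfined_u:system_r:setfiles_t:s0 '
    'tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file',
]

HEADER = re.compile(r'type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'\{\s*([^}]*?)\s*\}')

def parse(line):
    """Return (record type, event id, fields), or None for non-audit lines."""
    m = HEADER.search(line)
    if not m:
        return None
    body = line[m.end():]
    fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
    perms = PERMS.search(body)
    if perms:
        fields["perms"] = perms.group(1)
    return m.group(1), (m.group(2), int(m.group(3))), fields

def denials_with_process(lines):
    """Join each AVC denial to the SYSCALL record of the same audit event."""
    events = defaultdict(lambda: defaultdict(list))
    for rtype, event_id, fields in filter(None, map(parse, lines)):
        events[event_id][rtype].append(fields)
    joined = []
    for event_id, recs in events.items():
        for avc in recs["AVC"]:
            for sc in recs["SYSCALL"]:  # no rows if the SYSCALL record is absent
                joined.append({
                    "event": event_id, "exe": sc.get("exe"),
                    "syscall": sc.get("syscall"),  # 59 on arch c000003e (x86_64) is execve
                    "ppid": sc.get("ppid"), "ses": sc.get("ses"),
                    "perms": avc.get("perms"), "tclass": avc.get("tclass"),
                    # an inode number is only unique within the filesystem named by dev=
                    "dev": avc.get("dev"), "ino": avc.get("ino")})
    return joined
```

The `ppid` and `ses` values in each joined row are the fields to search the rest of the log for when identifying what launched the process.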