On 10/2/19 2:41 PM, Dominick Grift wrote:
> Are you also looking for "selinux_err" records?

Nope, because I had never heard of them before.  :-)

That found the error:

    type=SELINUX_ERR msg=audit(1570044939.773:845): op=security_compute_sid invalid_context=system_u:system_r:denatc_sudo_t:s0 scontext=system_u:system_r:denatc_t:s0 tcontext=system_u:object_r:sudo_exec_t:s0 tclass=process

It seems that I was missing a role-type statement:

    role system_r types denatc_sudo_t;

Adding that gets me back to more conventional denials, which I know how
to deal with.

Thanks!

--
========================================================================
Ian Pilcher                                         arequipeno@xxxxxxxxx
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
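
Added example, not part of the original message: a small scanner that picks SELINUX_ERR records out of audit log text, splits the `invalid_context` field, and reports the role-type statement to check. The `ROLE_TYPES` table, the AVC line and all function names are constructed for illustration; only the SELINUX_ERR record is taken from the message above.

```python
import re

# Constructed sample: the SELINUX_ERR line is the record quoted in the message;
# the AVC line is made up to show that ordinary denials are skipped.
SAMPLE_LOG = """\
type=AVC msg=audit(1570044939.700:844): avc:  denied  { read } for  pid=1 comm="x" scontext=system_u:system_r:denatc_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
type=SELINUX_ERR msg=audit(1570044939.773:845): op=security_compute_sid invalid_context=system_u:system_r:denatc_sudo_t:s0 scontext=system_u:system_r:denatc_t:s0 tcontext=system_u:object_r:sudo_exec_t:s0 tclass=process
"""

# Hypothetical snapshot of role -> types in the loaded policy before the fix.
ROLE_TYPES = {"system_r": {"denatc_t"}, "object_r": {"sudo_exec_t"}}

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_selinux_err(line):
    """Return the key=value fields of a SELINUX_ERR record, else None."""
    if not line.startswith("type=SELINUX_ERR "):
        return None
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def split_context(ctx):
    """Split user:role:type[:level]; an MLS level may itself contain colons."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not a security context: {ctx!r}")
    level = parts[3] if len(parts) == 4 else None
    return parts[0], parts[1], parts[2], level

def missing_role_type(fields, role_types):
    """Return the 'role R types T;' statement to check, or None."""
    ctx = fields.get("invalid_context")
    if ctx is None:
        return None
    _, role, type_, _ = split_context(ctx)
    if type_ in role_types.get(role, set()):
        return None  # role-type is fine; look at user-role or the level
    return f"role {role} types {type_};"

def scan(log, role_types):
    """List (op, scontext, statement) for each record with a role-type gap."""
    findings = []
    for line in log.splitlines():
        fields = parse_selinux_err(line)
        stmt = missing_role_type(fields, role_types) if fields else None
        if stmt:
            findings.append((fields.get("op"), fields.get("scontext"), stmt))
    return findings

if __name__ == "__main__":
    for op, scontext, stmt in scan(SAMPLE_LOG, ROLE_TYPES):
        print(f"{op} from {scontext}: check policy for '{stmt}'")
```
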