On Wed, Jul 15, 2020 at 6:45 PM Mike Palmiotto <mike.palmiotto@xxxxxxxxxxxxxxx> wrote: > Interestingly, the test program is working fine: > https://github.com/mpalmi/selinux/tree/sestatus > https://github.com/mpalmi/sestatus-test > > On a test run, I'm seeing both the status page and netlink socket > notifications for load_polcy (twice for each case): > > ``` > ./test > opened avc successfully > got netlink socket: 4 > > watching netlink socket for events > avc: received policyload notice (seqno=3) > policy reload notice received > avc: received policyload notice (seqno=4) > policy reload notice received > ^C > watching sestatus page for events > avc: received policyload notice (seqno=5) > policy reload notice received > avc: received policyload notice (seqno=6) > policy reload notice received > ^Cclosing netlink socket: 4 > destroying avc > goodbye > ``` > > Still seeing the MAC_POLICY_LOAD audit message, but none of the usual > USER_AVC policyload notices. I only see one notification per load_policy invocation. What versions of kernel and dbus are you using? Are you using dbus-daemon or dbus-broker? How are you testing dbus with this change - just doing a make install relabel of libselinux and restarting dbus-daemon or dbus-broker, then running load_policy and checking for USER_AVC messages? Is this on CentOS 7/8?
