Userspace AVC auditing on policy load

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I was looking into this dbus-broker audit message, which has the wrong audit type:

audit[422]: USER_AVC pid=422 uid=999 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t msg='avc: received policyload notice (seqno=2)

This is due to dbus-broker setting their avc log callback to send USER_AVC audit messages for everything that comes to the libselinux log callback. I think the right thing to do there is to change it to emit USER_SELINUX_ERR audit messages if the log message is SELINUX_ERROR, otherwise log the message using their regular method (stderr I think).

But the question became, why is the userspace AVC not simply emitting its own USER_MAC_POLICY_LOAD audit message instead of sending a message to the log callback?

--
Chris PeBenito



[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux