new (updated) FC7 system getting auditing errors
Daniel J Walsh
dwalsh at redhat.com
Fri Jun 15 11:00:22 UTC 2007
Phil Edwards wrote:
> Hi. I've just installed FC7, updated its packages, but made few other
> changes so far; no changes at all to selinux (I wouldn't know how, and
> there is no full-time sysadmin).
>
> The messages log is filling up with stuff like this:
>
> dbus: Can't send to audit system: USER_AVC avc: received policyload
> notice (seqno=2) : exe="/bin/dbus-daemon" (sauid=539, hostname=?,
> addr=?, terminal=?)
> nscd: Can't send to audit system: USER_AVC avc: received policyload
> notice (seqno=2) : exe="?" (sauid=28, hostname=?, addr=?, terminal=?)
>
> dbus and nscd are the nosiest culprits.
>
> Googling for what look like the key phrases gets me tons of hits from
> 2005, but nothing recent and nothing pertaining to FC7 (but having
> never used an FC release before, I could be wrong).
>
> Could somebody please tell me how to turn this noise off?
These are not SELinux errors so to speak, they are auditing errors.
When you update policy probably during a yum update, any application
that is running as a SELinux policy enforcer, gets a message from the
kernel telling that the policy has been updated. These apps then
attempt to send a message to the audit system stating that they have
reloaded the policy. These errors are generated because the
applications are running as a normal user and are not allowed to send to
the audit.log. So the audit subsystem sends a message to
/var/log/messages. So other then filling you /var/log/messages file,
these errors can be ignored. The dbus error has been fixed in FC6 and
seems to have resurfaced. I have not seen the nscd error. Both should
be reported as bugzillas to nscd, and dbus.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
More information about the fedora-selinux-list
mailing list