new (updated) FC7 system getting auditing errors

Daniel J Walsh dwalsh at redhat.com
Fri Jun 15 11:00:22 UTC 2007


Phil Edwards wrote:
> Hi.  I've just installed FC7, updated its packages, but made few other
> changes so far; no changes at all to selinux (I wouldn't know how, and
> there is no full-time sysadmin).
>
> The messages log is filling up with stuff like this:
>
> dbus: Can't send to audit system: USER_AVC avc:  received policyload
> notice (seqno=2) : exe="/bin/dbus-daemon" (sauid=539, hostname=?,
> addr=?, terminal=?)
> nscd: Can't send to audit system: USER_AVC avc:  received policyload
> notice (seqno=2) : exe="?" (sauid=28, hostname=?, addr=?, terminal=?)
>
> dbus and nscd are the nosiest culprits.
>
> Googling for what look like the key phrases gets me tons of hits from
> 2005, but nothing recent and nothing pertaining to FC7 (but having
> never used an FC release before, I could be wrong).
>
> Could somebody please tell me how to turn this noise off?
These are not SELinux errors so to speak, they are auditing errors.  
When you update policy probably during a yum update, any application 
that is running as a SELinux policy enforcer, gets a message from the 
kernel telling that the policy has been updated.  These apps then 
attempt to send a message to the audit system stating that they have 
reloaded the policy.  These errors are generated because the 
applications are running as a normal user and are not allowed to send to 
the audit.log.  So the audit subsystem sends a message to 
/var/log/messages.  So other then filling you /var/log/messages file, 
these errors can be ignored.   The dbus error has been fixed in FC6 and 
seems to have resurfaced.  I have not seen the nscd error.  Both should 
be reported as bugzillas to nscd, and dbus.
>
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list




More information about the fedora-selinux-list mailing list