[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

AVC from smartd

One of the drives in my RAID1 array failed this evening, so smartd let
me know about it by email. Along the way, it generated an AVC (F8):

type=AVC msg=audit(1201808872.737:2426): avc:  denied  { read } for
pid=27830 comm="sh" name="urandom" dev=tmpfs ino=2374
scontext=system_u:system_r:fsdaemon_t:s0
tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1201808872.737:2426): arch=c000003e syscall=2
success=no exit=-13 a0=48cb94 a1=0 a2=6cb6 a3=3324f529f0 items=0
ppid=27829 pid=27830 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="sh" exe="/bin/bash"
subj=system_u:system_r:fsdaemon_t:s0 key=(null)

Not quite sure why it needed to access /dev/urandom, and it doesn't
appear to have stopped the mail being sent, so maybe this is one to be
dontaudit-ed?

Paul.
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]