[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: on machine with CPU -> 100%, lots of avc's



Try (as root):

service auditd restart

and see if auditd returns OK or FAIL?  It might spit out some errors, or
put something in /var/log/messages.  If it complains about the log not
being writable by owner, then  "chmod u+w /var/log/audit/*" is what
fixed it for me.

It could also be an SELinux problem, but only if you have
SELINUX=enforcing in /etc/selinux/config.  On my test machine, I
generally set SELINUX=permissive there so I see avc denials, but
everything continues working even if there is an SELinux
misconfiguration.

> Disable SELinux and AVCs will be gone. Forever.

I agree SELinux can be quite frustrating once you start customizing
services, and I have been known to turn it off entirely for that reason.
But for testing purpose, it's extremely useful to have people like us
stumble across avc denials so the general public doesn't have to, and
they can enjoy the security benefits.

-B.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]