
Re: Latest kernel (2356), avc's on hwclock



On Fri, 2006-07-07 at 07:14 -0700, Tom London wrote:
> Running latest rawhide kernel, get the following during boot (in
> /var/log/messages):
> 
> Jul  7 06:22:45 localhost kernel: audit(1152278484.994:5): avc:
> denied  { audit_write } for  pid=471 comm="hwclock" capability=29
> scontext=system_u:system_r:hwclock_t:s0
> tcontext=system_u:system_r:hwclock_t:s0 tclass=capability

Looks like the Fedora hwclock is instrumented to generate an audit
record, but policy doesn't yet allow it to do so.  These capability
checks used to be silent (no auditing) since they occur on netlink recv,
but a recent patch has enabled SELinux to generate audit messages on the
netlink recv capability checks.  So we can expect these types of denials
to show up now.  Should be allowed in this case.

-- 
Stephen Smalley
National Security Agency

