[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Latest kernel (2356), avc's on hwclock



On 7/7/06, Ian Pilcher <i pilcher comcast net> wrote:
Stephen Smalley wrote:
> Looks like the Fedora hwclock is instrumented to generate an audit
> record, but policy doesn't yet allow it to do so.  These capability
> checks used to be silent (no auditing) since they occur on netlink recv,
> but a recent patch has enabled SELinux to generate audit messages on the
> netlink recv capability checks.  So we can expect these types of denials
> to show up now.  Should be allowed in this case.

So it's generating an audit message, because it wasn't allowed to
generate an audit message?

I've only had half a beer...

--
========================================================================
Ian Pilcher                                        i pilcher comcast net
========================================================================

A slight side question:

hwclock seems to be producing audit messages either before or after
auditd has started/exited. I see a message on shutdown, but it appears
not to be logged anywhere.

Does that meet auditing requirements?

tom
--
Tom London


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]