[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Latest kernel (2356), avc's on hwclock



On Fri, 2006-07-07 at 18:06 -0500, Ian Pilcher wrote:
> Stephen Smalley wrote:
> > Looks like the Fedora hwclock is instrumented to generate an audit
> > record, but policy doesn't yet allow it to do so.  These capability
> > checks used to be silent (no auditing) since they occur on netlink recv,
> > but a recent patch has enabled SELinux to generate audit messages on the
> > netlink recv capability checks.  So we can expect these types of denials
> > to show up now.  Should be allowed in this case.
> 
> So it's generating an audit message, because it wasn't allowed to
> generate an audit message?

No, the kernel is generating an audit message about a permission denial
on hwclock's attempt to generate its own user audit message (with its
own content, which could be arbitary).

-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]