Latest kernel (2356), avc's on hwclock

Stephen Smalley sds at tycho.nsa.gov
Mon Jul 10 19:58:27 UTC 2006


On Fri, 2006-07-07 at 18:06 -0500, Ian Pilcher wrote:
> Stephen Smalley wrote:
> > Looks like the Fedora hwclock is instrumented to generate an audit
> > record, but policy doesn't yet allow it to do so.  These capability
> > checks used to be silent (no auditing) since they occur on netlink recv,
> > but a recent patch has enabled SELinux to generate audit messages on the
> > netlink recv capability checks.  So we can expect these types of denials
> > to show up now.  Should be allowed in this case.
> 
> So it's generating an audit message, because it wasn't allowed to
> generate an audit message?

No, the kernel is generating an audit message about a permission denial
on hwclock's attempt to generate its own user audit message (with its
own content, which could be arbitrary).

-- 
Stephen Smalley
National Security Agency
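The denial described above is a capability check on the audit netlink socket: the kernel logs an AVC record because the sending domain lacks the permission to write user audit messages. As an added example (not part of this thread), here is a small parser that turns such a record into the TE allow rule that would resolve it; the sample record, the domain name hwclock_t and the pid are constructed for illustration, while the capability class/permission pair (capability:audit_write, CAP_AUDIT_WRITE = 29) is the real one used for sending user audit messages.

```python
import re

# Constructed sample AVC record of the kind the thread describes: the kernel
# denying hwclock's CAP_AUDIT_WRITE check when it tries to send its own user
# audit message over the audit netlink socket. Not taken from the page.
SAMPLE_AVC = (
    'type=AVC msg=audit(1152296400.123:456): avc:  denied  { audit_write } '
    'for  pid=1234 comm="hwclock" capability=29 '
    'scontext=system_u:system_r:hwclock_t:s0 '
    'tcontext=system_u:system_r:hwclock_t:s0 tclass=capability'
)

# "avc:  denied  { perm ... } for  key=value ..." as printed by the kernel.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$'
)
# key=value pairs; quoted values (comm="hwclock") may contain spaces.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the denied perms, source/target types, class and comm, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}

    def type_of(ctx):
        # user:role:type[:range] -> type
        return ctx.split(':')[2]

    return {
        'perms': m.group('perms').split(),
        'source': type_of(fields['scontext']),
        'target': type_of(fields['tcontext']),
        'tclass': fields['tclass'],
        'comm': fields.get('comm'),
    }


def allow_rule(avc):
    """Build the TE rule that grants exactly the denied permissions.

    Capability checks are always against the process's own context, so the
    rule collapses to 'self' when source and target types are equal."""
    target = 'self' if avc['source'] == avc['target'] else avc['target']
    return 'allow %s %s:%s { %s };' % (
        avc['source'], target, avc['tclass'], ' '.join(avc['perms']))
```

Review the generated rule before loading it: granting audit_write lets the domain write audit records of its own choosing, which is acceptable for hwclock here but should not be handed out to arbitrary domains.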