[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: FC5, Apache, Bugzilla, SELinux issues



>in /var/log/messages i see a similar error to my original post:
>
>Jan  4 15:57:11 svn kernel: security:  3 users, 6 roles, 1489 types, 153 bools,
1 >sens, 256 cats
>Jan  4 15:57:11 svn kernel: security:  58 classes, 43765 rules
>Jan  4 15:57:11 svn dbus: Can't send to audit system: USER_AVC avc:  received
>policyload notice (seqno=13) : exe="?" (sauid=81, hostname=?, addr=?,
terminal=?)

These are not errors. Part of the problem is that the libselinux audit callback
API only allows a format and varargs to be passed to the logging function. This
means the logger has to assume that everything it sees is an AVC so it doesn't
miss one. I'd like to correct this API problem at some point during FC7 devel
cycle so that the message type is also passed to the logger. This way we can
properly label the audit events so that it says USER_POLICY_LOAD instead of
USER_AVC which tends to get people excited.

I also think that dbus could do a slightly better job of determining when it
should send an audit message vs simply syslogging it. The user session bus does
not have the privileges necessary to write to the audit system.

-Steve

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]