Worrying AVC messages

Anne Wilson cannewilson at tiscali.co.uk
Tue Jan 23 19:33:12 UTC 2007


On Monday 22 January 2007 19:40, Stephen Smalley wrote:
> > type=AVC msg=audit(1162463326.809:49): avc:  denied  { search } for 
> > pid=4186 comm="postmap" name="nscd" dev=hdb1 ino=195773
> > scontext=user_u:system_r:postfix_map_t:s0
> > tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
> > type=SYSCALL msg=audit(1162463326.809:49): arch=40000003 syscall=102
> > success=no exit=-2 a0=3 a1=bf915688 a2=67eff4 a3=4 items=0 ppid=4147
> > pid=4186 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> > tty=pts5 comm="postmap" exe="/usr/sbin/postmap"
> > subj=user_u:system_r:postfix_map_t:s0 key=(null)
>
> Yes, that shows the security contexts of the source (process) and the
> target (in this case, a directory).  audit2allow will turn those
> messages into allow rules, e.g.
> 	su -
> 	audit2allow -a -M local
> 	semodule -i local.pp
>
After reading the man pages I find that I'm no wiser as to what this is doing.  
I understand the first and last lines, but could you explain how you build 
the audit2allow line, and what it actually does?

Thanks

Anne
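
An added example, not part of the original messages and not audit2allow's own code: a simplified sketch of the mapping Stephen describes, from an AVC denial record to an allow rule. The function names are hypothetical, and the sample log is constructed from the record quoted above, joined onto single lines.

```python
import re
from collections import defaultdict

# Constructed sample: the AVC/SYSCALL records quoted in the message, one per line.
SAMPLE_LOG = (
    'type=AVC msg=audit(1162463326.809:49): avc:  denied  { search } for '
    'pid=4186 comm="postmap" name="nscd" dev=hdb1 ino=195773 '
    'scontext=user_u:system_r:postfix_map_t:s0 '
    'tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir\n'
    'type=SYSCALL msg=audit(1162463326.809:49): arch=40000003 syscall=102 '
    'success=no exit=-2 comm="postmap" exe="/usr/sbin/postmap"\n'
)

# Denied permissions, source context, target context and object class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(':')[2]

def denials_to_rules(log_text):
    """Group denied permissions by (source type, target type, class)
    and return one allow rule per group."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        if 'type=AVC' not in line:
            continue  # SYSCALL and other record types carry no permission set
        m = AVC_RE.search(line)
        if not m:
            continue
        key = (context_type(m['scon']), context_type(m['tcon']), m['tclass'])
        grouped[key].update(m['perms'].split())
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        names = sorted(perms)
        text = names[0] if len(names) == 1 else '{ ' + ' '.join(names) + ' }'
        rules.append(f'allow {src} {tgt}:{cls} {text};')
    return rules

if __name__ == '__main__':
    for rule in denials_to_rules(SAMPLE_LOG):
        print(rule)
```

The real tool additionally wraps such rules in a policy module: with `-M local` it writes `local.te` and the compiled `local.pp` that `semodule -i` loads.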