[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Worrying AVC messages



On Monday 22 January 2007 19:40, Stephen Smalley wrote:
> > type=AVC msg=audit(1162463326.809:49): avc:  denied  { search } for 
> > pid=4186 comm="postmap" name="nscd" dev=hdb1 ino=195773
> > scontext=user_u:system_r:postfix_map_t:s0
> > tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
> > type=SYSCALL msg=audit(1162463326.809:49): arch=40000003 syscall=102
> > success=no exit=-2 a0=3 a1=bf915688 a2=67eff4 a3=4 items=0 ppid=4147
> > pid=4186 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> > tty=pts5 comm="postmap" exe="/usr/sbin/postmap"
> > subj=user_u:system_r:postfix_map_t:s0 key=(null)
>
> Yes, that shows the security contexts of the source (process) and the
> target (in this case, a directory).  audit2allow will turn those
> messages into allow rules, e.g.
> 	su -
> 	audit2allow -a -M local
> 	semodule -i local.pp
>
After reading the man pages I find that I'm no wiser as to what this is doing.  
I understand the first and last lines, but could you explain how you build 
the audit2allow line, and what it actually does?

Thanks

Anne

Attachment: pgpt70QSQeKcd.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]