[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: new (updated) FC7 system getting auditing errors



Phil Edwards wrote:
Hi.  I've just installed FC7, updated its packages, but made few other
changes so far; no changes at all to selinux (I wouldn't know how, and
there is no full-time sysadmin).

The messages log is filling up with stuff like this:

dbus: Can't send to audit system: USER_AVC avc:  received policyload
notice (seqno=2) : exe="/bin/dbus-daemon" (sauid=539, hostname=?,
addr=?, terminal=?)
nscd: Can't send to audit system: USER_AVC avc:  received policyload
notice (seqno=2) : exe="?" (sauid=28, hostname=?, addr=?, terminal=?)

dbus and nscd are the nosiest culprits.

Googling for what look like the key phrases gets me tons of hits from
2005, but nothing recent and nothing pertaining to FC7 (but having
never used an FC release before, I could be wrong).

Could somebody please tell me how to turn this noise off?
These are not SELinux errors so to speak, they are auditing errors. When you update policy probably during a yum update, any application that is running as a SELinux policy enforcer, gets a message from the kernel telling that the policy has been updated. These apps then attempt to send a message to the audit system stating that they have reloaded the policy. These errors are generated because the applications are running as a normal user and are not allowed to send to the audit.log. So the audit subsystem sends a message to /var/log/messages. So other then filling you /var/log/messages file, these errors can be ignored. The dbus error has been fixed in FC6 and seems to have resurfaced. I have not seen the nscd error. Both should be reported as bugzillas to nscd, and dbus.

--
fedora-selinux-list mailing list
fedora-selinux-list redhat com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]