[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] (#6) filesystem auditing



On Tue, 2005-03-15 at 12:33 -0600, Timothy R. Chavez wrote:
> Oops, I was looking at an unpatched auditctl.c (doh!) so I don't think this is 
> the problem necessarily, but if you could please verify that you do make it 
> past audit_netlink_ok(), into audit_watch_insert(), and then print out the 
> values, that'd help.  I'm trying to think of where you'd get invalids.  And 
> you're right, its likely that at least the payload is malformed in some way.

Ah, I think SELinux is stopping it.  Even in permissive mode.  SELinux
applies a check from the netlink_send() hook, and it doesn't presently
have a mapping for the new audit operations you are introducing, so it
rejects the request as invalid.  That security stuff, always getting in
the way ;)

-- 
Stephen Smalley <sds tycho nsa gov>
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]