[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: type=USER_ROLE_CHANGE



Steve Grubb wrote:
On Thursday 13 July 2006 17:03, Michael C Thompson wrote:
In doing some tests, I've noticed that the USER_ROLE_CHANGE audit record
is associated with both newrole, and semanage user -[ad].

semanage should also be using these:

#define AUDIT_ROLE_ASSIGN            2301 /* Admin assigned user to role */
#define AUDIT_ROLE_REMOVE          2302 /* Admin removed user from role */

USER_ROLE_CHANGE should only be used when newrole is used. If semanage needs more record types let me know.

-Steve

Hey Steve,

I do not believe these messages are implemented, or at least are not properly used, in semanage. Doing semanage user changes or semanage login changes only result in USER_ROLE_CHANGE messages.

'semanage user -d deleteme_u' yeilds:

type=USER_ROLE_CHANGE msg=audit(1153152594.356:685): user pid=10862 uid=0 auid=0 subj=root:staff_r:staff_t:s0-s15:c0.c255 msg='op=delete SELinux user record acct=deleteme_u old-seuser=? old-role=? old-range=? new-seuser=? new-role=? new-range=? exe=/usr/sbin/semanage (hostname=?, addr=?, terminal=pts/2 res=success)'

This is seen with policycoreutils-1.30.17-2.

Thanks,
Mike


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]