[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: FC5 MLS Policy: auditctl permission denied



Michael C Thompson wrote:

Hey Steve,

Under the FC5 MLS policy, what is the magic incantation of SELinux role and MLS range that will make auditctl go? I've tried staff_r, with staff_t and SystemLow, which I did not expect to work (and it didn't). I've also tried sysadm_[rt] and secadm_[rt] with both SystemHigh and SystemLow. So far, no combination has lead to auditctl being usable. secadm & sysadm attempts resolve in a direct bash denial message, whereas staff _can_ execute audit, but I get the messages:
"Error sending (rule/watch) list request (Permission denied)"

Anyone know the magic or is this a policy bug?

secadm_r

newrole -r secadm_r -l SystemHigh
Thanks,
Mike
------------------------------------------------------------------------

--
Linux-audit mailing list
Linux-audit redhat com
https://www.redhat.com/mailman/listinfo/linux-audit


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]