[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

audit log question



Using MLS permissive policy selinux-policy-mls-3.3.1-77.fc9.noarch.

I'm looking at some AVCs generated when I do a ausearch as root.
I thought it was because the root context was set at SystemLow.

I looked at the logs and all are set at SystemHigh except the last 4
(current audit.log + audit.log.[1-3]).

[root hugo sbin]# ls -al /var/log/audit/audit.log.[1-6]
-r-------- 1 root root 5243230 2008-07-23
15:34 /var/log/audit/audit.log.1
-r-------- 1 root root 5242915 2008-07-22
12:36 /var/log/audit/audit.log.2
-r-------- 1 root root 5242932 2008-07-22
12:36 /var/log/audit/audit.log.3
-r-------- 1 root root 5243017 2008-06-27
12:33 /var/log/audit/audit.log.4
-r-------- 1 root root 5242977 2008-06-27
12:16 /var/log/audit/audit.log.5
-r-------- 1 root root 5242921 2008-06-27
11:52 /var/log/audit/audit.log.6
[root hugo sbin]# ls -alZ /var/log/audit/audit.log.[1-6]
-r--------  root root
root:object_r:auditd_log_t:SystemLow /var/log/audit/audit.log.1
-r--------  root root
root:object_r:auditd_log_t:SystemLow /var/log/audit/audit.log.2
-r--------  root root
root:object_r:auditd_log_t:SystemLow /var/log/audit/audit.log.3
-r--------  root root
system_u:object_r:auditd_log_t:SystemHigh /var/log/audit/audit.log.4
-r--------  root root
system_u:object_r:auditd_log_t:SystemHigh /var/log/audit/audit.log.5
-r--------  root root
system_u:object_r:auditd_log_t:SystemHigh /var/log/audit/audit.log.6


Is this correct (and if so, why)?
Maybe I did something...

Thx,
LCB.

-- 
LC (Lenny) Bruzenak
lenny magitekltd com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]