ausearch / policy question
LC Bruzenak
lenny at magitekltd.com
Fri Jul 25 17:36:19 UTC 2008
On Fri, 2008-07-25 at 14:27 +0800, Cai Xianchao wrote:
> > type=AVC msg=audit(07/23/2008 17:18:44.292:1622) : avc: denied
> > { read } for pid=4033 comm=ausearch name=audit.log dev=dm-0 ino=24698
> > scontext=root:staff_r:staff_t:s0-s15:c0.c1023
> > tcontext=system_u:object_r:auditd_log_t:s15:c0.c1023 tclass=file
> >
> >
>
> In the message, the level of audit.log is s15:c0.c1023, while the current
> process is s0. So the process can't read audit.log and AVSs are producted.
>
>
scontext includes sensitivity levels range s0-s15.
Doesn't that include tcontext sensitivity level s0 (same
classifications)?
Thx,
LCB.
--
LC (Lenny) Bruzenak
lenny at magitekltd.com
More information about the Linux-audit
mailing list