
Re: ausearch / policy question



On Fri, 2008-07-25 at 14:27 +0800, Cai Xianchao wrote:

> > type=AVC msg=audit(07/23/2008 17:18:44.292:1622) : avc:  denied
> > { read } for  pid=4033 comm=ausearch name=audit.log dev=dm-0 ino=24698
> > scontext=root:staff_r:staff_t:s0-s15:c0.c1023
> > tcontext=system_u:object_r:auditd_log_t:s15:c0.c1023 tclass=file 
> >
> >   
>  
> In the message, the level of audit.log is s15:c0.c1023, while the current
> process is s0. So the process can't read audit.log and AVCs are produced.
> 
> 
scontext includes sensitivity levels range s0-s15.

Doesn't that include tcontext sensitivity level s0 (same
classifications)?

Thx,
LCB.
-- 
LC (Lenny) Bruzenak
lenny magitekltd com
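
An added worked example, not part of either poster's message: it parses the AVC record quoted above and tests MLS dominance separately for the low (effective) level and the high (clearance) level of the scontext range. It assumes the read constraint compares the subject's low level with the object's level, as the quoted reply states; all function names are hypothetical.

```python
import re

# Sample input constructed from the AVC record quoted in this thread.
AVC = ("type=AVC msg=audit(07/23/2008 17:18:44.292:1622) : avc:  denied "
       "{ read } for  pid=4033 comm=ausearch name=audit.log dev=dm-0 ino=24698 "
       "scontext=root:staff_r:staff_t:s0-s15:c0.c1023 "
       "tcontext=system_u:object_r:auditd_log_t:s15:c0.c1023 tclass=file")


def parse_level(text):
    """'s15:c0.c1023' -> (15, frozenset of category numbers)."""
    sens, _, cats = text.partition(":")
    members = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")      # 'c0.c1023' is an inclusive range
        lo_n = int(lo[1:])
        hi_n = int(hi[1:]) if hi else lo_n
        members.update(range(lo_n, hi_n + 1))
    return int(sens[1:]), frozenset(members)


def parse_range(context):
    """Return (low, high) levels from user:role:type:low[-high]."""
    mls = context.split(":", 3)[3]           # keep the level's own ':' intact
    low, _, high = mls.partition("-")
    return parse_level(low), parse_level(high or low)


def dominates(a, b):
    """a dominates b: sensitivity is >= and the category set is a superset."""
    return a[0] >= b[0] and a[1] >= b[1]


def explain(avc):
    """Compare both ends of the subject range with the object's level."""
    fields = dict(re.findall(r"(\w+)=(\S+)", avc))
    s_low, s_high = parse_range(fields["scontext"])
    t_low, _ = parse_range(fields["tcontext"])
    return {
        "effective_dominates_target": dominates(s_low, t_low),   # s0 vs s15
        "clearance_dominates_target": dominates(s_high, t_low),  # s15 vs s15
    }


if __name__ == "__main__":
    print(explain(AVC))
```
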

