[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How do I figure out on what file dac_override is attempted?



On Wed, 2010-01-20 at 13:47 +0100, Göran Uddeborg wrote:
> Stephen Smalley:
> > To get object information, you need to enable
> > syscall auditing, and add a trivial syscall filter to turn on pathname
> > collection by the audit subsystem.
> 
> Thanks for that tip (all of you who gave it)!  I now know it is
> /dev/fb that plymouthd can't access.  The audit record also told me it
> was owned by a regular user and mode rw-------.  So now it makes
> sense.  A root process would need dac_override to open that file.

That tip really ought to get captured in the Fedora SELinux FAQ or
Guide.  Dan?

-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]