SELinux policy reload cannot be sent to audit system
Laurent Bigonville
bigon at debian.org
Tue Nov 3 16:05:55 UTC 2015
Hi,
With dbus 1.10.2 (on Debian), when I'm running "semodule -B", the system
dbus daemon is complaining with the following message:
nov 03 15:02:57 soldur dbus[1057]: Can't send to audit system: USER_AVC
avc: received policyload notice (seqno=3) exe="/usr/bin/dbus-daemon"
sauid=102 hostname=? addr=? terminal=?
This is the system dbus daemon running as "messagebus":
message+ 1057 0.0 0.0 127756 4524 ? Ssl 10:39 0:11
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile
--systemd-activation
Looking at the capabilities:
$ sudo getpcaps 1057
Capabilities for `1057': = cap_audit_write+ep
All other user_avc seems to be properly logged in audit.
An idea?
Cheers,
Laurent Bigonville
More information about the Linux-audit
mailing list