SELinux policy reload cannot be sent to audit system
Steve Grubb
sgrubb at redhat.com
Thu Nov 5 13:20:15 UTC 2015
On Thursday, November 05, 2015 10:26:17 AM Laurent Bigonville wrote:
> Le 05/11/15 09:32, Laurent Bigonville a écrit :
> > Le 05/11/15 04:23, Steve Grubb a écrit :
> >> I tested this on Fedora 22 and did not get a USER_AVC from dbus, but
> >> I also did not get an error message in syslog. So, I don't know what to
> >> make of it.
> >> (And for the record, I have a bz open saying that USER_AVC is the
> >> wrong event type. They are blaming libselinux but I blame them for not
> >> using AUDIT_USER_MAC_POLICY_LOAD.)
> >
> > The audit code in dbus has been refactored a bit in the version
> > present F23 and debian unstable, so it might be related to this that.
> >
> > Do you still have the number of that bz bug?
>
> BTW, systemd is also apparently sending a USER_AVC event when the policy
> is reloaded.
This is bz 1195330.
-Steve
More information about the Linux-audit
mailing list