dac_override and dac_read_search ... again!

Daniel J Walsh dwalsh at redhat.com
Wed Aug 4 18:55:48 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/04/2010 02:07 PM, Mr Dash Four wrote:
> 
>> You have some file that has ownership such that root can not access the
>> file via permissions.
>>
>> You need to turn on full auditing to get the path of the offending file.
>>
>> Execute
>>
>> auditctl -w /etc/shadow -p w
>>
>> And see if you can generate the error again.  Then you should get a path
>> with the next avc message.
>>   
> As far as I know, for this to work I would need to have auditd running, 
> isn't that the case? As I pointed in my initial post, auditd cannot start!
> 
> OK, I can force permissive mode, then start auditd, switch back to 
> enforced mode and then execute auditctl. Then, maybe, I could find the 
> offending path/files causing the issues with the other programs I have 
> listed in my logs, but how do I deal with the auditd itself? auditctl 
> requires auditd to be running in order to show the paths, isn't that 
> the case?
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
I would boot the machine in permissive mode and with the audit flag set.
You should still get the audit messages and the PATH message.

Most likely this is a file in /etc/. Likely candidates would be
something like resolv.conf, services, hosts.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxZt7QACgkQrlYvE4MpobPQwACgmHdnWJVZf6ukCbEmIA7gVwRa
8LYAn28LRvb5z9Acl3VFZLcb6/W3rAT3
=LCjZ
-----END PGP SIGNATURE-----
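The lookup Dan describes (enable full auditing, then read the file name from the PATH record that follows the AVC record) can be done offline against a saved audit log, because every record of one event carries the same serial number in its `msg=audit(timestamp:serial)` field. The parser below is an added example, not code from this thread or from the audit package: the log lines are constructed for the example (a dac_override denial that has a PATH record, and a dac_read_search denial logged without one), and `root_needs_dac_override` is a heuristic of my own that flags the case the thread discusses, a file owned by a non-root user whose mode does not let root in without CAP_DAC_OVERRIDE.

```python
"""Correlate SELinux dac_override / dac_read_search AVC denials with the
PATH records auditd logs for the same event, so the offending file can be
identified. Added example; the input below is constructed, not a real log."""
import re
from collections import defaultdict

# Constructed sample records (not from the original thread). Serial 456 has
# full auditing on, so the AVC record is followed by SYSCALL/CWD/PATH records
# with the same serial; serial 457 was logged with no PATH record.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1280944000.123:456): avc:  denied  { dac_override } for  pid=1234 comm="auditd" capability=1  scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=capability
type=SYSCALL msg=audit(1280944000.123:456): arch=c000003e syscall=2 success=no exit=-13 items=1 ppid=1 pid=1234 comm="auditd" exe="/sbin/auditd" subj=system_u:system_r:auditd_t:s0 key=(null)
type=CWD msg=audit(1280944000.123:456):  cwd="/"
type=PATH msg=audit(1280944000.123:456): item=0 name="/etc/hosts" inode=1234 dev=fd:00 mode=0100600 ouid=500 ogid=500 rdev=00:00 obj=system_u:object_r:net_conf_t:s0
type=AVC msg=audit(1280944001.000:457): avc:  denied  { dac_read_search } for  pid=1235 comm="sshd" capability=2  scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:system_r:sshd_t:s0 tclass=capability
"""

# Standard auditd record layout: type=<TYPE> msg=audit(<ts>:<serial>): <body>
RECORD_RE = re.compile(
    r'^type=(?P<type>\w+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): (?P<body>.*)$')
DENIED_RE = re.compile(r'denied\s+\{ ([^}]*)\}')
DAC_PERMS = {"dac_override", "dac_read_search"}


def parse_records(text):
    """Group raw audit lines by event serial: {serial: [(type, body), ...]}."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            events[m.group("serial")].append((m.group("type"), m.group("body")))
    return events


def field(body, name):
    """Return the value of key=value (quoted or bare) from a record body, or None."""
    m = re.search(r'\b%s=("([^"]*)"|(\S+))' % re.escape(name), body)
    if not m:
        return None
    return m.group(2) if m.group(2) is not None else m.group(3)


def root_needs_dac_override(mode_octal, ouid):
    """Heuristic (my own, not from the thread): root hits CAP_DAC_OVERRIDE when
    the file is owned by someone else and the world-read bit is clear. Group
    membership of root is ignored here."""
    mode = int(mode_octal, 8)
    return ouid != 0 and (mode & 0o004) == 0


def dac_denials(text):
    """List every dac_* denial with, where the event carries a PATH record,
    the file it was about and whether its DAC bits explain the denial."""
    results = []
    events = sorted(parse_records(text).items(), key=lambda kv: int(kv[0]))
    for serial, records in events:
        paths = [body for rtype, body in records if rtype == "PATH"]
        for rtype, body in records:
            if rtype != "AVC":
                continue
            m = DENIED_RE.search(body)
            perms = m.group(1).split() if m else []
            if not DAC_PERMS & set(perms):
                continue
            entry = {"serial": int(serial), "comm": field(body, "comm"),
                     "perms": perms, "path": None, "mode": None,
                     "ouid": None, "explained": None}
            if paths:
                p = paths[0]  # item=0 is the name the syscall was given
                entry["path"] = field(p, "name")
                entry["mode"] = field(p, "mode")
                entry["ouid"] = int(field(p, "ouid"))
                entry["explained"] = root_needs_dac_override(entry["mode"], entry["ouid"])
            results.append(entry)
    return results


if __name__ == "__main__":
    for e in dac_denials(SAMPLE_AUDIT_LOG):
        where = e["path"] or "<no PATH record: full auditing was not on>"
        print("serial %d: %s denied { %s } on %s (mode=%s ouid=%s dac-explained=%s)"
              % (e["serial"], e["comm"], " ".join(e["perms"]), where,
                 e["mode"], e["ouid"], e["explained"]))
```

Feed it a slice of /var/log/audit/audit.log taken after the watch or the audit boot flag was in place; an entry whose `path` is None is exactly the situation in the original post, a denial logged before full auditing was on, and tells you nothing about the file. `ausearch -m avc` performs the same serial-based correlation on a live system.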

