How do I figure out on what file dac_override is attempted?
Göran Uddeborg
goeran at uddeborg.se
Wed Jan 20 12:47:59 UTC 2010
Stephen Smalley:
> To get object information, you need to enable
> syscall auditing, and add a trivial syscall filter to turn on pathname
> collection by the audit subsystem.
Thanks for that tip (all of you who gave it)! I now know it is
/dev/fb that plymouthd can't access. The audit record also told me it
was owned by a regular user and mode rw-------. So now it makes
sense. A root process would need dac_override to open that file.
More information about the selinux
mailing list