Hi, folks,
My manager just updated his fedora box from 20 to 22, and it appears as though selinux, in permissive mode, is logging *EVERY* command run by the system as root to syslog, even though the auditd's running. I am talking successes, not failures.
I've been googling, but haven't yet found how to change that so that it's more normal, with only avc's showing in syslog.
Just looked, and see that setroubleshootd is installed, but not how to tell systemd (which should die) to start it (if that's my answer).
mark
----- Original Message -----
From: "m roth" m.roth@5-cent.us To: "selinux" selinux@lists.fedoraproject.org Sent: Tuesday, July 21, 2015 12:01:14 PM Subject: fedora 22
Hi, folks,
My manager just updated his fedora box from 20 to 22, and it appears as though selinux, in permissive mode, is logging *EVERY* command run by the system as root to syslog, even though the auditd's running. I am talking successes, not failures.
Sure its not an audit.rule?
# auditctl -l
I've been googling, but haven't yet found how to change that so that it's more normal, with only avc's showing in syslog.
Just looked, and see that setroubleshootd is installed, but not how to tell systemd (which should die) to start it (if that's my answer).
mark
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
On 22/07/15 14:03, Simon Sekidde wrote:
----- Original Message -----
From: "m roth" m.roth@5-cent.us To: "selinux" selinux@lists.fedoraproject.org Sent: Tuesday, July 21, 2015 12:01:14 PM Subject: fedora 22
Hi, folks,
My manager just updated his fedora box from 20 to 22, and it appears as though selinux, in permissive mode, is logging *EVERY* command run by the system as root to syslog, even though the auditd's running. I am talking successes, not failures.
Sure its not an audit.rule?
# auditctl -l
I suspect more likely https://bugzilla.redhat.com/show_bug.cgi?id=1227379
T
Trevor Hemsley wrote:
On 22/07/15 14:03, Simon Sekidde wrote:
From: "m roth" m.roth@5-cent.us
My manager just updated his fedora box from 20 to 22, and it appears as though selinux, in permissive mode, is logging *EVERY* command run by the system as root to syslog, even though the auditd's running. I am talking successes, not failures.
<snip>
I suspect more likely https://bugzilla.redhat.com/show_bug.cgi?id=1227379
And as the OP in the bugzilla thread notes, they're pointing fingers, and is still waiting at least for a workaround.
Can anyone here suggest one?
mark
selinux@lists.fedoraproject.org