I notice that when I do 'setenforce', dbus is notified. But there appears to be a significant delay, e.g., 13-15 minutes, before dbus logs it.
Is this just log buffer 'flush buffer' timing? Is this to be expected?
thanks, tom
Sep 25 10:29:54 fedora kernel: audit(1096133394.349:0): avc: granted { setenforce } for pid=4107 exe=/usr/bin/setenforce scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security <SNIP> Sep 25 10:43:21 fedora dbus: avc: received setenforce notice (enforcing=0)
On Sat, 2004-09-25 at 10:49 -0700, Tom London wrote:
I notice that when I do 'setenforce', dbus is notified. But there appears to be a significant delay, e.g., 13-15 minutes, before dbus logs it.
Up until fairly recently, the reload only happened when a permission was actually checked. It was later changed to use a thread, so you should see the reload message right away. That change was done in the D-BUS CVS, not sure if it's in the 0.22 in rawhide.
selinux@lists.fedoraproject.org
-
Colin Walters -
Tom London