On 4/14/21 12:52 PM, Ed Greshko wrote:
On 15/04/2021 00:33, home user wrote:
I tried that using "ps -ef | grep [pid]". The only hit was the ps command itself.
It is not clear to me that you did this immediately after getting the alert.
1. I launched caja from the gnome activities dash. The caja GUI displays.
2. The SELinux alert shows up.
3. I trackball over to the alert and click the Details button.
4. The Details window comes up, I trackball over to it, I make it bigger.
5. I scroll down and look for the pid.
6. I trackball over to the terminal and enter the ps command.

Steps 2 thru 6 do take several seconds, maybe up to a minute. That's as "immediate" as I can do.
According to the ausearch_out the PID is different at each instance of an alert. So, it is possible that whatever process produced the alert has exited or died after the series of alerts.
I agree.
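
When the process has exited before `ps` can be run, the pid, command name and executable path can still be read from the audit records, because an AVC denial and its SYSCALL record share one event id. The following is an added example, not part of the thread: the sample records are constructed in raw audit.log format (as `ausearch --raw` prints them), and `denials` is a hypothetical helper name.

```python
import re

# Constructed sample records in raw audit.log format (NOT taken from the thread).
# Two denials from the same program, each with a different, short-lived pid.
SAMPLE = """\
type=AVC msg=audit(1618425123.456:789): avc:  denied  { read } for  pid=4321 comm="example-helper" name="cache" dev="dm-0" ino=1234 scontext=unconfined_u:unconfined_r:example_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1618425123.456:789): arch=c000003e syscall=257 success=no exit=-13 ppid=4000 pid=4321 uid=1000 comm="example-helper" exe="/usr/libexec/example-helper" key=(null)
type=AVC msg=audit(1618425124.001:790): avc:  denied  { read } for  pid=4330 comm="example-helper" name="cache" dev="dm-0" ino=1234 scontext=unconfined_u:unconfined_r:example_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1618425124.001:790): arch=c000003e syscall=257 success=no exit=-13 ppid=4000 pid=4330 uid=1000 comm="example-helper" exe="/usr/libexec/example-helper" key=(null)
"""

EVENT = re.compile(r"^type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"\{ ([^}]*) \}")

def denials(text):
    """Return one dict per AVC denial, merged with its SYSCALL record."""
    events = {}  # event id "timestamp:serial" -> merged fields
    for line in text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC" and "denied" in body:
            ev = events.setdefault(event_id, {})
            perms = PERMS.search(body)
            ev["perms"] = perms.group(1).split() if perms else []
            for key in ("pid", "comm", "tclass", "scontext", "tcontext"):
                ev[key] = fields.get(key)
        elif rtype == "SYSCALL":
            # exe and ppid appear only in the SYSCALL record of the event.
            ev = events.setdefault(event_id, {})
            ev["exe"] = fields.get("exe")
            ev["ppid"] = fields.get("ppid")
    # Keep only events that actually contained an AVC denial.
    return [dict(event=k, **v) for k, v in events.items() if "pid" in v]

if __name__ == "__main__":
    for d in denials(SAMPLE):
        print(d["event"], "pid=" + d["pid"], "ppid=" + str(d.get("ppid")),
              d["comm"], d.get("exe"), d["perms"], d["tclass"])
```

The `ppid` field is often the more useful lead here, since the parent that keeps spawning the short-lived process usually outlives it.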