Something in Rawhide spams SELinux or audit messages to every terminal

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Sun Mar 22 22:29:21 UTC 2015


On Fri, Mar 20, 2015 at 02:14:38PM +0000, Richard W.M. Jones wrote:
> Message from syslogd at trick at Mar 20 14:13:46 ...
>  journal:<audit-2404> pid=2038 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5e:91:96:9b:d3:3c:42:5c:21:e8:fe:8e:4c:c6:a8:ef:cb:3f:ff:b8:e8:c8:b0:2a:a3:d9:c7:65:40:dc:7a:62 direction=? spid=2046 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=192.168.0.175 terminal=? res=success'
> 
> If someone can suggest a suitable component and what diagnostics would
> be needed, I can file a bug.

It looks like journald reads audit messages and saves them to the
journal, and you are running a syslog daemon which forwards them to
the console. It would seem that the messages are saved by journald
with a wrong syslog priority level... Can you find the corresponding message
in 'journalctl -o verbose' output and paste the full entry?

Zbyszek
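
The check suggested in the reply, as an added example that is not part of the original message: it filters `journalctl -o json` records for audit-transport entries and reports those whose PRIORITY would cause a console broadcast, or that have no usable PRIORITY at all. The sample records are constructed, and the emerg-only threshold assumes the common rsyslog rule `*.emerg :omusrmsg:*`; the reporter's syslog configuration may differ.

```python
import json
import sys

# syslog severity names indexed by numeric PRIORITY
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Assumption: the syslog daemon writes to all terminals only at emerg (0).
BROADCAST_MAX = 0

# Constructed sample of `journalctl -o json` output, one JSON object per line.
SAMPLE = """\
{"_TRANSPORT":"audit","PRIORITY":"0","MESSAGE":"<audit-2404> pid=2038 uid=0 msg='op=destroy kind=server'"}
{"_TRANSPORT":"audit","PRIORITY":"6","MESSAGE":"<audit-1105> pid=2040 uid=0 msg='op=PAM:session_open'"}
{"_TRANSPORT":"syslog","PRIORITY":"0","MESSAGE":"constructed non-audit emergency"}
{"_TRANSPORT":"audit","MESSAGE":"<audit-1106> pid=2041 uid=0 msg='op=PAM:session_close'"}
"""

def field_text(value):
    """Return a journal field as text; non-UTF-8 fields arrive as byte arrays."""
    if isinstance(value, list):
        return bytes(value).decode("utf-8", errors="replace")
    return "" if value is None else str(value)

def parse_priority(entry):
    """Return PRIORITY as an int in 0..7, or None if absent or invalid."""
    try:
        prio = int(field_text(entry.get("PRIORITY")))
    except ValueError:
        return None
    return prio if 0 <= prio <= 7 else None

def suspicious_audit_entries(lines):
    """Return (severity, message) for audit entries with a broadcast-level
    or missing PRIORITY."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        entry = json.loads(line)
        if field_text(entry.get("_TRANSPORT")) != "audit":
            continue
        prio = parse_priority(entry)
        if prio is None:
            findings.append(("missing", field_text(entry.get("MESSAGE"))))
        elif prio <= BROADCAST_MAX:
            findings.append((SEVERITIES[prio], field_text(entry.get("MESSAGE"))))
    return findings

if __name__ == "__main__":
    # Piped input is checked; with no pipe, the constructed sample is used.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for severity, message in suspicious_audit_entries(source):
        print(f"PRIORITY={severity}: {message}")
```

On a live system the input would come from `journalctl -b -o json _TRANSPORT=audit` piped into the script.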

