Something in Rawhide spams SELinux or audit messages to every terminal
Richard W.M. Jones
rjones at redhat.com
Sat Mar 21 17:29:20 UTC 2015
On Sun, Mar 22, 2015 at 11:29:21PM +0100, Zbigniew Jędrzejewski-Szmek wrote:
> On Fri, Mar 20, 2015 at 02:14:38PM +0000, Richard W.M. Jones wrote:
> > Message from syslogd at trick at Mar 20 14:13:46 ...
> > journal:<audit-2404> pid=2038 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5e:91:96:9b:d3:3c:42:5c:21:e8:fe:8e:4c:c6:a8:ef:cb:3f:ff:b8:e8:c8:b0:2a:a3:d9:c7:65:40:dc:7a:62 direction=? spid=2046 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=192.168.0.175 terminal=? res=success'
> > If someone can suggest a suitable component and what diagnostics would
> > be needed, I can file a bug.
> It looks like journald reads audit messages and saves them to the
> journal, and you are running a syslog daemon which forwards them to
> the console. It would seem that the messages are saved by journald
> with a wrong syslog priority level... Can you find the corresponding message
> in 'journalctl -o verbose' output and paste the full entry?
This bug was diagnosed and fixed here:
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
More information about the devel