Latest kernel (2356), avc's on hwclock
Tom London
selinux at gmail.com
Mon Jul 10 15:05:11 UTC 2006
On 7/7/06, Ian Pilcher <i.pilcher at comcast.net> wrote:
> Stephen Smalley wrote:
> > Looks like the Fedora hwclock is instrumented to generate an audit
> > record, but policy doesn't yet allow it to do so. These capability
> > checks used to be silent (no auditing) since they occur on netlink recv,
> > but a recent patch has enabled SELinux to generate audit messages on the
> > netlink recv capability checks. So we can expect these types of denials
> > to show up now. Should be allowed in this case.
>
> So it's generating an audit message, because it wasn't allowed to
> generate an audit message?
>
> I've only had half a beer...
>
> --
> ========================================================================
> Ian Pilcher i.pilcher at comcast.net
> ========================================================================
>
A slight side question:
hwclock seems to be producing audit messages either before or after
auditd has started/exited. I see a message on shutdown, but it appears
not to be logged anywhere.
Does that meet auditing requirements?
tom
--
Tom London