No AVC when sshd is mislabeled
Jorge Fábregas
jorge.fabregas at gmail.com
Sun Dec 12 22:36:30 UTC 2010
On Sunday 12 December 2010 18:13:28 Jorge Fábregas wrote:
> I'm triggering AVCs and I see them in /var/log/messages but seapplet is not
> capturing them or I don't know.
Arrrrgh. It turned out it was related to auditd. As soon as I started it, the
notifications started again.
I didn't know about "sedispatch", the actual program that watches for AVCs in
the audit subsystem and sends the notifications via DBUS (eventually captured
by "seapplet".)
The thing is that "sedispatch" only starts if you start the auditd service :(
I read that in the RHEL6 doc. You have to read that very carefully in order to
notice that. It may not be obvious for many. I think there should be a
"warning box" saying so (if you decide to stop auditd, you will no longer get
notifications on the desktop).
Sorry for the noise.
Best regards,
Jorge