How do I figure out on what file dac_override is attempted?
Stephen Smalley
sds at tycho.nsa.gov
Wed Jan 20 20:57:19 UTC 2010
On Wed, 2010-01-20 at 15:49 -0500, Daniel J Walsh wrote:
> On 01/20/2010 02:50 PM, Stephen Smalley wrote:
> > type=PATH msg=audit(01/20/2010 14:43:20.785:41253) : item=0 name=./capable_file/temp_file inode=841249 dev=fd:00 mode=file,644 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:test_file_t:s0
>
> Why does path begin with a ./capable_file/temp_file?
Because the audit system is collecting the pathname string that was
passed to the system call, and that pathname was a relative path. But
note the CWD record which enables you to deduce the absolute path.
--
Stephen Smalley
National Security Agency
More information about the selinux
mailing list