SE alert
jd1008
jd1008 at gmail.com
Mon Jul 20 18:09:48 UTC 2015
On 07/20/2015 11:57 AM, Gordon Messmer wrote:
> On 07/20/2015 10:47 AM, jd1008 wrote:
>> So, how did it become permissive??
>
> We have no way to answer that. Your audit log would record the time
> at which the system entered permissive mode.
How incredibly mysterious is that?
here are a few of the lines from audit.log.
All of the output of the command below
showed .......permissive=0
# grep -i permissive audit.log
type=AVC msg=audit(1437355414.517:526): avc: denied { write } for
pid=2365 comm="blueman-mechani" name="/" dev="tmpfs" ino=13776
scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023
tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1437355414.517:527): avc: denied { write } for
pid=2365 comm="blueman-mechani" name="/" dev="debugfs" ino=1
scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023
tcontext=system_u:object_r:debugfs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1437355414.517:528): avc: denied { write } for
pid=2365 comm="blueman-mechani" name="/" dev="nfsd" ino=1
scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023
tcontext=system_u:object_r:nfsd_fs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1437355414.517:529): avc: denied { write } for
pid=2365 comm="blueman-mechani" name="/" dev="sdb3" ino=2
scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023
tcontext=system_u:object_r:default_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1437355414.517:530): avc: denied { write } for
pid=2365 comm="blueman-mechani" name="/" dev="fusectl" ino=1
scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir permissive=0
More information about the users
mailing list