Re: dac_override and dac_read_search ... again!

From: Mr Dash Four <mr.dash.four_at_nospam>
Date: Wed Aug 04 2010 - 18:07:36 GMT
To: Daniel J Walsh <dwalsh@redhat.com>

> You have some file that has ownereship such that root can not access the
> file via permissions.
>
> You need to turn on full auditing to get the path of the offending file.
>
> Execute
>
> auditctl -w /etc/shadow -p w
>
> And see if you can generate the error again. Then you should get a path
> with the next avc message.
>
As far as I know, for this to work I would need to have auditd running,
isn't that the case? As I pointed in my initial post, auditd cannot start!

OK, I can force permissive mode, then start auditd, switch back to
enforced mode and then execute auditctl. Then, may be, I could find the
offending path/files causing the issues with the other programs I have
listed in my logs, but how do I deal with the auditd itself? auditctl
requires auditd to be running in order to show the paths, isn't that not
the case?
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux

This message: [ Message body ]
Next message: Daniel J Walsh: "Re: dac_override and dac_read_search ... again!"
Previous message: Daniel J Walsh: "Re: SELINUX_ERR about sendmail (postfix version) on F-13"
Next in thread: Daniel J Walsh: "Re: dac_override and dac_read_search ... again!"
Reply: Daniel J Walsh: "Re: dac_override and dac_read_search ... again!"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]