fedora-selinux August 2010 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: Re: dac_override and dac_read_search ... again!

Re: dac_override and dac_read_search ... again!

From: Daniel J Walsh <dwalsh_at_nospam>
Date: Wed Aug 04 2010 - 18:55:48 GMT
To: Mr Dash Four <mr.dash.four@googlemail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/04/2010 02:07 PM, Mr Dash Four wrote:
>
>> You have some file that has ownereship such that root can not access the
>> file via permissions.
>>
>> You need to turn on full auditing to get the path of the offending file.
>>
>> Execute
>>
>> auditctl -w /etc/shadow -p w
>>
>> And see if you can generate the error again. Then you should get a path
>> with the next avc message.
>>
> As far as I know, for this to work I would need to have auditd running,
> isn't that the case? As I pointed in my initial post, auditd cannot start!
>
> OK, I can force permissive mode, then start auditd, switch back to
> enforced mode and then execute auditctl. Then, may be, I could find the
> offending path/files causing the issues with the other programs I have
> listed in my logs, but how do I deal with the auditd itself? auditctl
> requires auditd to be running in order to show the paths, isn't that not
> the case?
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
I would boot the machine in permissive mode and with the audit flag set.
 You should still get the audit messages and the PATH message.

Most likely this is a file in /etc/ Likely candidates would be
something like resolv.conf, services hosts.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxZt7QACgkQrlYvE4MpobPQwACgmHdnWJVZf6ukCbEmIA7gVwRa
8LYAn28LRvb5z9Acl3VFZLcb6/W3rAT3
=LCjZ
-----END PGP SIGNATURE-----
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux