|Main Archive Page > Month Archives > fedora-selinux archives|
-----BEGIN PGP SIGNED MESSAGE-----
On 08/04/2010 02:07 PM, Mr Dash Four wrote:
>> You have some file that has ownereship such that root can not access the
>> file via permissions.
>> You need to turn on full auditing to get the path of the offending file.
>> auditctl -w /etc/shadow -p w
>> And see if you can generate the error again. Then you should get a path
>> with the next avc message.
> As far as I know, for this to work I would need to have auditd running,
> isn't that the case? As I pointed in my initial post, auditd cannot start!
> OK, I can force permissive mode, then start auditd, switch back to
> enforced mode and then execute auditctl. Then, may be, I could find the
> offending path/files causing the issues with the other programs I have
> listed in my logs, but how do I deal with the auditd itself? auditctl
> requires auditd to be running in order to show the paths, isn't that not
> the case?
> selinux mailing list
I would boot the machine in permissive mode and with the audit flag set.
You should still get the audit messages and the PATH message.
Most likely this is a file in /etc/ Likely candidates would be
something like resolv.conf, services hosts.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
-- selinux mailing list email@example.com https://admin.fedoraproject.org/mailman/listinfo/selinux