
List:       fedora-selinux-list
Subject:    Re: sealert and FC17
From:       Daniel J Walsh <dwalsh () redhat ! com>
Date:       2012-08-04 11:45:44
Message-ID: 501D0B68.4040309 () redhat ! com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/03/2012 11:35 AM, m.roth@5-cent.us wrote:
> Thomas Cameron wrote:
>> On 08/03/2012 09:06 AM, m.roth@5-cent.us wrote:
>>> Dan,
>>> 
>>> I read your post at <http://danwalsh.livejournal.com/26053.html>, but 
>>> what I still don't understand is this: on a user's system (actually,
>>> my manager's). What I need, and not just for his system, is a way to
>>> do what setroubleshoot *used* to do: give me a sealert in a logfile so
>>> I can run it from a command line.
>> 
>> Have you installed setroubleshoot and setroubleshoot-server?
>> 
>> Once you do, you can use e.g. sealert to read the alerts from the command
>> line.
> 
> I must be missing something. Yes, they're both installed. I tried sealert 
> -a /var/log/audit/audit.log, and got nothing - in there, I see a lot of 
> SERVICE START and SERVICE STOP. I tried the same on /var/log/messages, 
> where I see avc's; for example, <timestamp> <name>  kernel: [96575.845662]
> type=1400 audit(1344007740.130:4055): avc:  denied  { open } for  pid=5804 
> comm="awk" name="ld.so.cache" dev="dm-0" ino=61036 
> scontext=system_u:system_r:ksmtuned_t:s0 
> tcontext=system_u:object_r:file_t:s0 tclass=file
> 
> but get nothing. What am I missing?
> 
> mark
> 
> -- selinux mailing list selinux@lists.fedoraproject.org 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
Looks like sealert does not recognize this as an AVC.  Not sure why.  I will
look into it.  Anyways file_t means your machine is seriously mislabeled.
file_t means the object has no label on it, in this case ld.so.cache, which
will cause everything to blow up.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlAdC2gACgkQrlYvE4MpobOjngCeKyiL1q27BqKT/wht5xa+K9AF
NKgAn1R7tLzTApEyaXa7dxXTXTGK0mhr
=BKsw
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
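
The denial quoted in this thread, run through a small parser that flags targets labelled file_t. This is an added example, not part of the original message or of setroubleshoot, and it does not reproduce how sealert parses records; the second sample line and its `example_t` type are constructed for contrast.

```python
import re

# Matches the AVC part of a record in audit.log or, via the kernel, in /var/log/messages.
AVC_RE = re.compile(
    r"audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+"
    r"(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of AVC fields, or None if the line carries no AVC."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"serial": int(m["serial"]), "result": m["result"],
           "perms": m["perms"].split()}
    for key, val in KV_RE.findall(m["rest"]):
        rec[key] = val.strip('"')
    return rec


def context_type(context):
    """Third field of user:role:type:level, e.g. 'file_t'."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def unlabeled_targets(lines):
    """Yield (name, source type, perms) for denials whose target is file_t."""
    for line in lines:
        rec = parse_avc(line)
        if rec and rec["result"] == "denied" \
                and context_type(rec.get("tcontext", "")) == "file_t":
            yield rec.get("name"), context_type(rec.get("scontext", "")), rec["perms"]


# First line: the record quoted in the thread, re-joined onto one line.
# Second line: constructed for contrast (its target carries a real label).
SAMPLE = [
    '<timestamp> <name>  kernel: [96575.845662] type=1400 audit(1344007740.130:4055): avc:  denied  { open } for  pid=5804 comm="awk" name="ld.so.cache" dev="dm-0" ino=61036 scontext=system_u:system_r:ksmtuned_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file',
    '<timestamp> <name>  kernel: [96580.000000] type=1400 audit(1344007745.000:4056): avc:  denied  { read } for  pid=5900 comm="example" name="example.conf" dev="dm-0" ino=1234 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file',
]

if __name__ == "__main__":
    for name, source, perms in unlabeled_targets(SAMPLE):
        print(f"unlabeled (file_t) target {name!r}: {source} denied {perms}")
```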