* I have a question about log on SELinux
@ 2005-07-21 13:28 shintarou_fujiwara
2005-07-25 14:15 ` Stephen Smalley
0 siblings, 1 reply; 2+ messages in thread
From: shintarou_fujiwara @ 2005-07-21 13:28 UTC (permalink / raw)
To: selinux
My name is Shin from JAPAN.
Hello, I'm pretty new to this SELinux world,but one of my friend have some
question on logging .
He is now using RHEL4u1 and testing SELinux .
He uses targeted & enforcing and httpd_enable_cgi tuned off .
When he accesses to cbi-bin directory, he got these messages on
/var/log/messages.
######################################################
#First one is,
Jul 12 18:16:20 host1 kernel:
audit(1121159780.840:0): avc: denied { search } for pid=3037
comm=httpd name=cgi-bin dev=cciss/c0d0p1 ino=883150
^^^^
scontext=user_u:system_r:httpd_t
tcontext=system_u:object_r:httpd_sys_script_exec_t
tclass=dir
#Second one is,
Jul 12 18:16:20 host1 kernel:
audit(1121159780.840:0): avc: denied { getattr } for pid=3037
comm=httpd path=/var/www/cgi-bin dev=cciss/c0d0p1 ino=883150
^^^^
scontext=user_u:system_r:httpd_t
tcontext=system_u:object_r:httpd_sys_script_exec_t
tclass=dir
########################################################
His question is , the difference between "name" and "path" .
He and I have no idea the differences between these two.
They look totaly the same...
Please give us an advice .
Thank you.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: I have a question about log on SELinux
2005-07-21 13:28 I have a question about log on SELinux shintarou_fujiwara
@ 2005-07-25 14:15 ` Stephen Smalley
0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2005-07-25 14:15 UTC (permalink / raw)
To: shintarou_fujiwara; +Cc: selinux
On Thu, 2005-07-21 at 22:28 +0900, shintarou_fujiwara wrote:
> His question is , the difference between "name" and "path" .
>
> He and I have no idea the differences between these two.
> They look totaly the same...
name is just a single path component, whereas path is a complete path.
Depending on the particular hook location, SELinux can sometimes
generate a path for the audit record but in many cases cannot do so and
is limited to just the component name. It always logs the device and
inode information.
You can use the audit framework to get more information, although RHEL4
may not support it until a later update. Run 'auditctl -e 1'
or boot your kernel with audit=1 to enable syscall auditing. Then the
audit framework will emit syscall audit messages after any SELinux audit
messages.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2005-07-25 14:15 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-07-21 13:28 I have a question about log on SELinux shintarou_fujiwara
2005-07-25 14:15 ` Stephen Smalley
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.