* No AVCs written to /var/log/messages
@ 2014-05-06 14:04 Kim Lawson-Jenkins
2014-05-06 14:11 ` Stephen Smalley
2014-05-06 14:12 ` Eric Paris
0 siblings, 2 replies; 4+ messages in thread
From: Kim Lawson-Jenkins @ 2014-05-06 14:04 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 634 bytes --]
Hi,
I'm working on an embedded system using SELinux. The audit daemon is not
running so AVC errors should be written to /var/log/messages. SELinux is
running in permissive mode and during a system reboot I see a few AVC errors
written to a console. However when I look in /var/log/messages there are no
AVC errors. I haven't seen a similar problem reported in the past. Does
anyone have any ideas why AVC errors would not be written to
/var/log/messages if the audit daemon is not running? I've checked
syslog.conf and all messages with a priority of warning and above should be
written to /var/log/messages.
Kim
[-- Attachment #2: Type: text/html, Size: 2434 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: No AVCs written to /var/log/messages
2014-05-06 14:04 No AVCs written to /var/log/messages Kim Lawson-Jenkins
@ 2014-05-06 14:11 ` Stephen Smalley
2014-05-06 14:54 ` Kim Lawson-Jenkins
2014-05-06 14:12 ` Eric Paris
1 sibling, 1 reply; 4+ messages in thread
From: Stephen Smalley @ 2014-05-06 14:11 UTC (permalink / raw)
To: kim.lawson-jenkins, selinux
On 05/06/2014 10:04 AM, Kim Lawson-Jenkins wrote:
> Hi,
>
>
>
> I’m working on an embedded system using SELinux. The audit daemon is
> not running so AVC errors should be written to /var/log/messages.
> SELinux is running in permissive mode and during a system reboot I see a
> few AVC errors written to a console. However when I look in
> /var/log/messages there are no AVC errors. I haven’t seen a similar
> problem reported in the past. Does anyone have any ideas why AVC errors
> would not be written to /var/log/messages if the audit daemon is not
> running? I’ve checked syslog.conf and all messages with a priority of
> warning and above should be written to /var/log/messages.
Do they show up in dmesg output (or if you cat /proc/kmsg)?
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: No AVCs written to /var/log/messages
2014-05-06 14:11 ` Stephen Smalley
@ 2014-05-06 14:54 ` Kim Lawson-Jenkins
0 siblings, 0 replies; 4+ messages in thread
From: Kim Lawson-Jenkins @ 2014-05-06 14:54 UTC (permalink / raw)
To: 'Stephen Smalley', selinux, 'Eric Paris'
I just used the command
dmesg | grep -i avc
There were 2 errors generated when I used the command; these AVC errors were
written to the console and in the dmesg output. These were the only AVCs
recorded in the dmesg output. The few errors that I would see during system
initialization are not in the dmesg output.
-----Original Message-----
From: Stephen Smalley [mailto:sds@tycho.nsa.gov]
Sent: Tuesday, May 06, 2014 10:11 AM
To: kim.lawson-jenkins@nrl.navy.mil; selinux@tycho.nsa.gov
Subject: Re: No AVCs written to /var/log/messages
On 05/06/2014 10:04 AM, Kim Lawson-Jenkins wrote:
> Hi,
>
>
>
> I'm working on an embedded system using SELinux. The audit daemon is
> not running so AVC errors should be written to /var/log/messages.
> SELinux is running in permissive mode and during a system reboot I see
> a few AVC errors written to a console. However when I look in
> /var/log/messages there are no AVC errors. I haven't seen a similar
> problem reported in the past. Does anyone have any ideas why AVC
> errors would not be written to /var/log/messages if the audit daemon
> is not running? I've checked syslog.conf and all messages with a
> priority of warning and above should be written to /var/log/messages.
Do they show up in dmesg output (or if you cat /proc/kmsg)?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: No AVCs written to /var/log/messages
2014-05-06 14:04 No AVCs written to /var/log/messages Kim Lawson-Jenkins
2014-05-06 14:11 ` Stephen Smalley
@ 2014-05-06 14:12 ` Eric Paris
1 sibling, 0 replies; 4+ messages in thread
From: Eric Paris @ 2014-05-06 14:12 UTC (permalink / raw)
To: kim.lawson-jenkins; +Cc: SE-Linux
Two possible things.
1) in permissive you only get the same denial one time. So if you
launch a program and it causes some denials, the second time you
launch it there will be no denials.
2) If they are early in boot, before syslog starts, they might be
lost, or in old machines there was a /var/log/dmesg...
Do you see the denials when you run the dmesg command?
On Tue, May 6, 2014 at 10:04 AM, Kim Lawson-Jenkins
<kim.lawson-jenkins@nrl.navy.mil> wrote:
> Hi,
>
>
>
> I’m working on an embedded system using SELinux. The audit daemon is not
> running so AVC errors should be written to /var/log/messages. SELinux is
> running in permissive mode and during a system reboot I see a few AVC errors
> written to a console. However when I look in /var/log/messages there are no
> AVC errors. I haven’t seen a similar problem reported in the past. Does
> anyone have any ideas why AVC errors would not be written to
> /var/log/messages if the audit daemon is not running? I’ve checked
> syslog.conf and all messages with a priority of warning and above should be
> written to /var/log/messages.
>
>
>
> Kim
>
>
>
>
>
>
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to
> Selinux-request@tycho.nsa.gov.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-05-06 14:54 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-05-06 14:04 No AVCs written to /var/log/messages Kim Lawson-Jenkins
2014-05-06 14:11 ` Stephen Smalley
2014-05-06 14:54 ` Kim Lawson-Jenkins
2014-05-06 14:12 ` Eric Paris
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.