All of lore.kernel.org
 help / color / mirror / Atom feed
* how to troubleshoot SELinux when auditd won't start?
@ 2015-10-18  8:19 Bond Masuda
  2015-10-18  9:57 ` Jason Zaman
  2015-10-19 14:39 ` Daniel J Walsh
  0 siblings, 2 replies; 3+ messages in thread
From: Bond Masuda @ 2015-10-18  8:19 UTC (permalink / raw)
  To: selinux

I'm running into an issue where SELinux is preventing auditd from 
starting. But I can't figure out exactly what SELinux is not happy about 
since without auditd, I can't look for AVC messages. I think SELinux is 
blocking auditd from starting up because auditd starts up once I do 
'setenforce 0'.

Any advice?
Bond

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: how to troubleshoot SELinux when auditd won't start?
  2015-10-18  8:19 how to troubleshoot SELinux when auditd won't start? Bond Masuda
@ 2015-10-18  9:57 ` Jason Zaman
  2015-10-19 14:39 ` Daniel J Walsh
  1 sibling, 0 replies; 3+ messages in thread
From: Jason Zaman @ 2015-10-18  9:57 UTC (permalink / raw)
  To: Bond Masuda; +Cc: selinux

On Sun, Oct 18, 2015 at 01:19:00AM -0700, Bond Masuda wrote:
> I'm running into an issue where SELinux is preventing auditd from 
> starting. But I can't figure out exactly what SELinux is not happy about 
> since without auditd, I can't look for AVC messages. I think SELinux is 
> blocking auditd from starting up because auditd starts up once I do 
> 'setenforce 0'.

If auditd is not running the avc's go into dmesg. dmesg | grep avc will
show any.

-- Jason

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: how to troubleshoot SELinux when auditd won't start?
  2015-10-18  8:19 how to troubleshoot SELinux when auditd won't start? Bond Masuda
  2015-10-18  9:57 ` Jason Zaman
@ 2015-10-19 14:39 ` Daniel J Walsh
  1 sibling, 0 replies; 3+ messages in thread
From: Daniel J Walsh @ 2015-10-19 14:39 UTC (permalink / raw)
  To: Bond Masuda, selinux

Avcs should show up in the /var/log/messages or the journal even if
audit is not running.

On 10/18/2015 04:19 AM, Bond Masuda wrote:
> I'm running into an issue where SELinux is preventing auditd from
> starting. But I can't figure out exactly what SELinux is not happy
> about since without auditd, I can't look for AVC messages. I think
> SELinux is blocking auditd from starting up because auditd starts up
> once I do 'setenforce 0'.
>
> Any advice?
> Bond
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to
> Selinux-request@tycho.nsa.gov.
>
>

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-10-19 14:39 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-10-18  8:19 how to troubleshoot SELinux when auditd won't start? Bond Masuda
2015-10-18  9:57 ` Jason Zaman
2015-10-19 14:39 ` Daniel J Walsh

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.