From mboxrd@z Thu Jan  1 00:00:00 1970
From: Laurent Bigonville <bigon@debian.org>
Subject: Re: SELinux policy reload cannot be sent to audit system
Date: Thu, 5 Nov 2015 10:26:17 +0100
Message-ID: <563B20B9.6050209@debian.org>
References: <5638DB63.7010204@debian.org>
	<20151103200811.GG1422@madcap2.tricolour.ca>
	<56391D9F.3080301@debian.org>
	<2867240.eZb4Ly0uub@x2> <563B1409.3030803@debian.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="windows-1252"; Format="flowed"
Content-Transfer-Encoding: quoted-printable
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx07.extmail.prod.ext.phx2.redhat.com
	[10.5.110.31])
	by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id tA59QMGn015015
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NO)
	for <linux-audit@redhat.com>; Thu, 5 Nov 2015 04:26:22 -0500
Received: from anor.bigon.be (anor.bigon.be [91.121.173.99])
	by mx1.redhat.com (Postfix) with ESMTPS id 06A2DC1A0BCC
	for <linux-audit@redhat.com>; Thu,  5 Nov 2015 09:26:22 +0000 (UTC)
Received: from anor.bigon.be (localhost.localdomain [127.0.0.1])
	by anor.bigon.be (Postfix) with ESMTP id 1CAD61A1BB
	for <linux-audit@redhat.com>; Thu,  5 Nov 2015 10:26:20 +0100 (CET)
Received: from anor.bigon.be ([127.0.0.1])
	by anor.bigon.be (anor.bigon.be [127.0.0.1]) (amavisd-new, port 10026)
	with ESMTP id vBFKeezwC7_H for <linux-audit@redhat.com>;
	Thu,  5 Nov 2015 10:26:18 +0100 (CET)
Received: from [IPv6:2a02:578:85fc:1::6b5] (unknown
	[IPv6:2a02:578:85fc:1::6b5])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(Client did not present a certificate) (Authenticated sender: bigon)
	by anor.bigon.be (Postfix) with ESMTPSA id CCCDB1A070
	for <linux-audit@redhat.com>; Thu,  5 Nov 2015 10:26:17 +0100 (CET)
In-Reply-To: <563B1409.3030803@debian.org>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com



Le 05/11/15 09:32, Laurent Bigonville a =E9crit :
> Le 05/11/15 04:23, Steve Grubb a =E9crit :
>> I tested this on Fedora 22 and did not get a USER_AVC from dbus, but =

>> I also
>> did not get an error message in syslog. So, I don't know what to make =

>> of it.
>> (And for the record, I have a bz open saying that USER_AVC is the =

>> wrong event
>> type. They are blaming libselinux but I blame them for not using
>> AUDIT_USER_MAC_POLICY_LOAD.)
> The audit code in dbus has been refactored a bit in the version =

> present F23 and debian unstable, so it might be related to this that.
>
> Do you still have the number of that bz bug?

BTW, systemd is also apparently sending a USER_AVC event when the policy =

is reloaded.