From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: audit 1.2.2 released
Date: Mon, 22 May 2006 13:31:54 -0400
Message-ID: <200605221331.54945.sgrubb@redhat.com>
References: <200605121726.32952.sgrubb@redhat.com> <4469F585.6030108@hp.com>
	<200605161323.32162.sgrubb@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from discovery.boston.redhat.com (discovery.boston.redhat.com
	[172.16.80.171])
	by mail.boston.redhat.com (8.12.8/8.12.8) with ESMTP id k4MHVkr7001643
	for <linux-audit@redhat.com>; Mon, 22 May 2006 13:31:46 -0400
In-Reply-To: <200605161323.32162.sgrubb@redhat.com>
Content-Disposition: inline
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Tuesday 16 May 2006 13:23, Steve Grubb wrote:
> AFAICT, there are 2 places where an access decision is made,
> audit_netlink_ok in kernel/audit.c. And the other place is
> selinux_nlmsg_lookup in  security/selinux/nlmsgtab.c. I think you'd want to
> patch your kernel to  printk its access decision results in both of those
> functions. That should tell us something about what's going on.

Mike,

Did you ever patch your kernel to get more info or did this problem go away in 
the latest kernel (lspp.26)?

-Steve