From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael C Thompson <thompsmc@us.ibm.com>
Subject: Re: audit 1.2.2 released
Date: Thu, 25 May 2006 08:48:34 -0500
Message-ID: <4475B5B2.3010408@us.ibm.com>
References: <200605121726.32952.sgrubb@redhat.com>	<4469F585.6030108@hp.com>	
	<200605161323.32162.sgrubb@redhat.com>	
	<200605221331.54945.sgrubb@redhat.com>	<4473374C.8030902@us.ibm.com>	
	<44738AA0.50006@us.ibm.com> <44739521.7080602@hp.com>	
	<4474B7B2.6030601@us.ibm.com>
	<1148504311.8828.6.camel@code.and.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <1148504311.8828.6.camel@code.and.org>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: James Antill <jantill@redhat.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

James Antill wrote:
> On Wed, 2006-05-24 at 14:44 -0500, Michael C Thompson wrote:
>> Linda Knippers wrote:
>>> I'm running the .27 kernel and the 1.2.2 tools on an x86_64
>>> (Xeon/EM64T) SMP box with the targeted policy in enforcing mode.
>>> I tried to reproduce the problem discussed yesterday (the very fist
>>> rule doesn't take and the rest do) but it seems to work fine on my
>>> system.
>> I've been running mostly on an i686 (Intel) with the .27 kernel and 
>> 1.2.2 tools with the MLS policy. I've tested this on an x86_64 (AMD 
>> opteron) and see this problem too. However, this problem does NOT exist 
>> when using targeted policy, so it is most likely an MLS SELinux issue.
>> My MLS policy is 2.2.42
> 
>  I've recently hit the same issue (or one that looks just like it[1]) on
> current FC-5 with targeted policy in permissive mode.
> 
> [1] Program calls audit_log_user_message() at boot time, and gets -1
> (EPERM) ... if you put a "for (int i = 1; i < 1; ++i)" in front of it,
> it returns 0.

Do you mean to say that embedded audit_log_user_message() inside a loop 
changes it's return code?
int i;
for (i=1;i<1;i++) {
	audit_log_user_message();
}

Is that code sample correct?

Mike