From: Laurent Bigonville <bigon@debian.org>
To: linux-audit@redhat.com
Subject: Re: SELinux policy reload cannot be sent to audit system
Date: Tue, 3 Nov 2015 21:48:31 +0100 [thread overview]
Message-ID: <56391D9F.3080301@debian.org> (raw)
In-Reply-To: <20151103200811.GG1422@madcap2.tricolour.ca>
Le 03/11/15 21:08, Richard Guy Briggs a écrit :
> On 15/11/03, Steve Grubb wrote:
>> On Tuesday, November 03, 2015 06:12:07 PM Laurent Bigonville wrote:
>>>
>>> I'm running in permissive mode.
>>>
>>> I'm seeing a netlink open to the audit:
>>>
>>> dbus-daem 1057 messagebus 7u netlink 0t0 15248 AUDIT
>>>
>>> Apparently audit_send() returns -1
>> Since its -1, that would be an EPERM. No idea where this is coming from if you
>> have CAP_AUDIT_WRITE. I use pscap to check that.
> Are you in a container of any kind or any non-init USER namespace? I
> can't see it being denied otherwise assuming it is only trying to send
> AUDIT_USER_* class messages. (This assumes upstream kernel.)
No, I initially saw this on my laptop and then tested on F23 in kvm.
> I guess I have to ask which kernel too, since changes to NET and PID
> namespaces are somewhat recent and Debian tends on the side of
> conservative to be stable.
I'm under debian unstable and the kernel I'm running is 4.2
>
>>> I've been to reproduce this on F23 as well.
>> I have not played around with that yet.
> What kernel is that?
4.2 too apparently.
Cheers,
Laurent Bigonville
next prev parent reply other threads:[~2015-11-03 20:48 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-03 16:05 SELinux policy reload cannot be sent to audit system Laurent Bigonville
2015-11-03 16:28 ` Steve Grubb
2015-11-03 16:38 ` Paul Moore
2015-11-03 17:12 ` Laurent Bigonville
2015-11-03 19:33 ` Steve Grubb
2015-11-03 20:08 ` Richard Guy Briggs
2015-11-03 20:48 ` Laurent Bigonville [this message]
2015-11-05 3:23 ` Steve Grubb
2015-11-05 8:32 ` Laurent Bigonville
2015-11-05 9:26 ` Laurent Bigonville
2015-11-05 13:20 ` Steve Grubb
2015-11-05 23:03 ` Steve Grubb
2015-11-05 23:19 ` Laurent Bigonville
2015-11-06 1:25 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56391D9F.3080301@debian.org \
--to=bigon@debian.org \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).