Bug 1780332
| Field | Value |
|---|---|
| Summary | Audit daemon does not halt the system when the audit partition is full |
| Product | Red Hat Enterprise Linux 7 |
| Component | selinux-policy |
| Version | 7.7 |
| Hardware | x86_64 |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | medium |
| Reporter | Iambchop <fjc> |
| Assignee | Zdenek Pytela <zpytela> |
| QA Contact | Milos Malik <mmalik> |
| Docs Contact | Mirek Jahoda <mjahoda> |
| CC | fjc, lvrabec, mmalik, plautrba, qguo, sgrubb, ssekidde, vmojzis |
| Target Milestone | rc |
| Target Release | 7.9 |
| Keywords | Reopened, Triaged |
| Doc Type | Bug Fix |
| Clones | 1826788 (view as bug list) |
| Bug Blocks | 1826788 |
| Type | Bug |
| Last Closed | 2020-09-29 19:55:23 UTC |

Doc Text:

SELinux no longer prevents `auditd` from halting or powering off the system

Previously, the SELinux policy did not contain a rule that allows the Audit daemon to start a `power_unit_file_t` `systemd` unit. Consequently, `auditd` could not halt or power off the system even when configured to do so in cases such as no space left on a logging disk partition.

With this update, the missing rule has been added to the SELinux policy. As a result, `auditd` can now halt or power off the system.
Description
Iambchop
2019-12-05 17:26:33 UTC
By any chance, are there AVCs during this time?

```
avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target
type=USER_AVC msg=audit(1575574335.825:101): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1575574335.826:102): avc: denied { read } for pid=1773 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574335.826:103): avc: denied { read } for pid=1773 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1575574335.828:104): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1575574335.828:105): avc: denied { read } for pid=1772 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574335.828:106): avc: denied { read } for pid=1772 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1575574335.933:107): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1575574335.933:108): avc: denied { read } for pid=1789 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574335.933:109): avc: denied { read } for pid=1789 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1575574335.936:110): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1575574335.937:111): avc: denied { read } for pid=1788 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574335.937:112): avc: denied { read } for pid=1788 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1575574335.946:113): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1575574335.948:114): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1575574335.951:115): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1575574335.951:116): avc: denied { read } for pid=1784 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574335.951:117): avc: denied { read } for pid=1784 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1575574335.956:118): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1575574335.956:119): avc: denied { read } for pid=1782 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574335.956:120): avc: denied { read } for pid=1782 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1575574335.958:121): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1575574335.959:122): avc: denied { read } for pid=1787 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574335.959:123): avc: denied { read } for pid=1787 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1575574335.961:124): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1575574335.962:125): avc: denied { read } for pid=1786 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574335.962:126): avc: denied { read } for pid=1786 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574335.963:127): avc: denied { read } for pid=1785 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574335.963:128): avc: denied { read } for pid=1785 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574335.964:129): avc: denied { read } for pid=1783 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574335.964:130): avc: denied { read } for pid=1783 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1575574335.972:131): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1575574335.972:132): avc: denied { read } for pid=1781 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574335.972:133): avc: denied { read } for pid=1781 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1575574335.978:134): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1575574335.978:135): avc: denied { read } for pid=1780 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574335.978:136): avc: denied { read } for pid=1780 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1575574336.109:137): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1575574336.112:138): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1575574336.114:139): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1575574336.121:140): avc: denied { read } for pid=1799 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574336.122:141): avc: denied { read } for pid=1799 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574336.123:142): avc: denied { read } for pid=1797 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574336.123:143): avc: denied { read } for pid=1797 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574336.123:144): avc: denied { read } for pid=1798 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574336.124:145): avc: denied { read } for pid=1798 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1575574336.140:146): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1575574336.141:147): avc: denied { read } for pid=1796 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574336.141:148): avc: denied { read } for pid=1796 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1575574336.143:149): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1575574336.143:150): avc: denied { read } for pid=1794 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574336.143:151): avc: denied { read } for pid=1794 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1575574336.201:152): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1575574336.203:153): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1575574336.207:154): avc: denied { read } for pid=1792 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574336.207:155): avc: denied { read } for pid=1792 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574336.207:156): avc: denied { read } for pid=1793 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574336
```

I suspect the AVCs are the problem. You can probably put the system into permissive mode for testing. Just run "setenforce 0" and then retest.

The above reduces down to:

```
#============= auditd_t ==============
allow auditd_t initrc_var_run_t:file read;
allow auditd_t power_unit_file_t:service start;
```

I'll transfer this bz to selinux-policy so that it can be fixed.

This issue was not selected to be included in Red Hat Enterprise Linux 7 because it is seen either as low or moderate impact to a small number of use-cases. Red Hat Enterprise Linux 7 is in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available.
We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise, we recommend moving the request to Red Hat Enterprise Linux 8 if applicable.

A small number of use-cases. But very important use-cases:

* https://access.redhat.com/articles/2918071
* https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/2017-12-14/finding/V-72081

It is a requirement in Common Criteria, FAU_STG.4 Prevention of audit data loss, that requires the audit system take action if it is unable to record audit events. On the SCAP side, there is also AU-5 RESPONSE TO AUDIT PROCESSING FAILURES, which also has the same requirements. It says:

> The information system: b. Takes the following additional actions: [Assignment: organization-defined actions to be taken (e.g., shut down information system, overwrite oldest audit records, stop generating audit records)].

It's this first item that high security organizations need. They would rather lose access to a system than allow unaudited access. Some scenarios are so sensitive that they must know everyone that accessed something and when and what they did. Suppose a system contains evidence for a legal proceeding. If someone realizes that auditing is not working, they could delete evidence needed for the trial and change the outcome. This might be z-stream worthy.

I've submitted a Fedora PR to address the issue: https://github.com/fedora-selinux/selinux-policy/pull/331

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (selinux-policy bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:3925
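The "reduces down to" step in the thread is what `audit2allow` does with a pile of denials. The following is an added example, not code from the bug report or the selinux-policy project: it parses both kernel `AVC` records and `USER_AVC` records (where the denial is nested inside `msg='...'`), whether one per line or run together as pasted above, collapses them to unique (source type, target type, class, permission) tuples with counts, and renders them in `.te` form. The sample records are constructed to mirror the ones in the report.

```python
"""Reduce SELinux AVC and USER_AVC audit records to the allow rules they
imply, roughly what audit2allow does.  Added example, not code from the bug
report or selinux-policy; the sample records below are constructed."""
import re
from collections import Counter, defaultdict

# Constructed sample: two USER_AVC records (systemd reporting that a process in
# auditd_t may not start poweroff.target) and two kernel AVC records (systemctl,
# still running in auditd_t, may not read the utmp file labelled initrc_var_run_t).
SAMPLE = """\
type=USER_AVC msg=audit(1575574335.825:101): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1575574335.826:102): avc: denied { read } for pid=1773 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1575574335.826:103): avc: denied { read } for pid=1773 comm="systemctl" name="utmp" dev="tmpfs" ino=14287 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1575574335.828:104): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/init 0" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
"""

# Records may be run together on one line (as pasted in the report), so split
# on the record header rather than on newlines.
RECORD_SPLIT = re.compile(r"\s*(?=type=(?:USER_)?AVC\s)")
DENIAL_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<rest>.*)", re.S)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(text):
    """One dict per denial: perms (list), user_avc (bool) and every key=value
    field after 'for' (scontext, tcontext, tclass, comm, path, name, ...)."""
    out = []
    for chunk in RECORD_SPLIT.split(text):
        m = DENIAL_RE.search(chunk)
        if not m:
            continue  # empty chunk or a record that is not a denial
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
        fields["perms"] = m.group("perms").split()
        fields["user_avc"] = chunk.startswith("type=USER_AVC")
        out.append(fields)
    return out

def type_of(context):
    """system_u:system_r:auditd_t:s0 -> auditd_t (the type field of a context)."""
    return context.split(":")[2]

def reduce_to_rules(text):
    """Collapse denials to Counter{(source_type, target_type, tclass, perm): n}."""
    counts = Counter()
    for d in parse_denials(text):
        for perm in d["perms"]:
            counts[(type_of(d["scontext"]), type_of(d["tcontext"]), d["tclass"], perm)] += 1
    return counts

def format_te(counts):
    """Render the rule set in the audit2allow .te style quoted in the report."""
    grouped = defaultdict(set)
    for src, tgt, cls, perm in counts:
        grouped[(src, tgt, cls)].add(perm)
    lines, current_src = [], None
    for src, tgt, cls in sorted(grouped):
        if src != current_src:
            lines.append(f"#============= {src} ==============")
            current_src = src
        perms = " ".join(sorted(grouped[(src, tgt, cls)]))
        if " " in perms:
            perms = "{ " + perms + " }"  # several permissions on one rule
        lines.append(f"allow {src} {tgt}:{cls} {perms};")
    return "\n".join(lines)

if __name__ == "__main__":
    rules = reduce_to_rules(SAMPLE)
    for rule, n in sorted(rules.items()):
        print(f"{n:3d}x  {rule}")
    print(format_te(rules))
```

The counts tell you which denial is the one that actually blocks the configured halt (the `service start` on `power_unit_file_t`); each generated rule is still reviewed by hand before it goes into a policy module, as the thread did before handing the fix to selinux-policy.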