Bug 450117
Summary: | Kernel failed to return fully qualified path for AVC denial | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Casey Dahlin <cdahlin> | ||||
Component: | setroubleshoot | Assignee: | John Dennis <jdennis> | ||||
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 9 | CC: | dwalsh, eparis, vanhoof | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-06-05 17:39:13 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Casey Dahlin
2008-06-05 14:08:39 UTC
Created attachment 308441 [details]
AVC denial with unclear path
we normally print the path, which leads me to believe that nm isn't passing anything other than ./ Should we perhaps print cwd if the path begins with ./ ? Hmm. I'm pretty sure the "./" is just some crap that setroubleshoot added for no apparent reason. Its not in the audit records. SELinux will only print the full paths if it is available for free. If you want full paths you need to load an audit syscall. I suggest in /etc/audit/audit.rules: auditctl -a exit,always -S kill -F pid=1 I think this should be moved to and setroubleshoot bug so it will stop saying ./ but the fact you don't get a full path is NOTABUG So we came to the conclusion in the Chat room that you need to take the performance hit if you want to always get the data. |