200116 – Unmatched audit messages

Bug 200116 - Unmatched audit messages

Summary: Unmatched audit messages

Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	logwatch (Show other bugs)
Sub Component:	(Show other bugs)
Version:	5
Hardware:	All Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Marcela Mašláňová
QA Contact:
Docs Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-07-25 15:41 UTC by Orion Poplawski
Modified:	2007-11-30 22:11 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2006-08-15 11:18:18 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Orion Poplawski 2006-07-25 15:41:06 UTC

Description of problem:

Get the following after a reboot:

 --------------------- Selinux Audit Begin ------------------------ 

 **Unmatched Entries** 
  audit(1153731696.924:2): enforcing=1 old_enforcing=0 auid=4294967295
  audit(1153731697.852:3): policy loaded auid=4294967295

also have seen this at times:

  audit(1153774712.599:22): user pid=1805 uid=81 auid=4294967295
subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  0 AV entries and 0/512
buckets used, longest chain length 0

The first two should definitely be ignored, and I imagine the second should be
as well.

Version-Release number of selected component (if applicable):
logwatch-7.2.1-1.fc5

How reproducible:
every boot

Comment 1 Marcela Mašláňová 2006-08-14 14:25:21 UTC

Hello,
could you send me the part of /var/log/messages, which speaks about SElinux? I
need to know the source for logwatch.

Comment 2 Orion Poplawski 2006-08-14 16:54:01 UTC

Aug 14 06:51:41 lynx kernel: audit(1155538246.660:2): enforcing=1
old_enforcing=0 auid=4294967295
Aug 14 06:51:41 lynx kernel: audit(1155538247.000:3): policy loaded auid=4294967295
Aug 13 18:18:50 lynx kernel: audit(1155514730.555:389): user pid=2081 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  8 AV entries
and 8/512 buckets used, longest chain length 1

Comment 3 Daniel Walsh 2006-08-15 11:37:25 UTC

I believe these are standard audit messages and are not SELinux reporting any
problems.

Comment 4 Steve Grubb 2006-08-15 13:10:04 UTC

Yes, these are standard audit messages and logwatch needs to be updated to
ignore them.

Note You need to log in before you can comment on or make changes to this bug.

TreeView+

- Top of page