Description of problem: Get the following after a reboot: --------------------- Selinux Audit Begin ------------------------ **Unmatched Entries** audit(1153731696.924:2): enforcing=1 old_enforcing=0 auid=4294967295 audit(1153731697.852:3): policy loaded auid=4294967295 also have seen this at times: audit(1153774712.599:22): user pid=1805 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: 0 AV entries and 0/512 buckets used, longest chain length 0 The first two should definitely be ignored, and I imagine the second should be as well. Version-Release number of selected component (if applicable): logwatch-7.2.1-1.fc5 How reproducible: every boot
Hello, could you send me the part of /var/log/messages, which speaks about SElinux? I need to know the source for logwatch.
Aug 14 06:51:41 lynx kernel: audit(1155538246.660:2): enforcing=1 old_enforcing=0 auid=4294967295 Aug 14 06:51:41 lynx kernel: audit(1155538247.000:3): policy loaded auid=4294967295 Aug 13 18:18:50 lynx kernel: audit(1155514730.555:389): user pid=2081 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: 8 AV entries and 8/512 buckets used, longest chain length 1
I believe these are standard audit messages and are not SELinux reporting any problems.
Yes, these are standard audit messages and logwatch needs to be updated to ignore them.