Bug 200116 - Unmatched audit messages
Summary: Unmatched audit messages
Alias: None
Product: Fedora
Classification: Fedora
Component: logwatch
Version: 5
Hardware: All Linux
Target Milestone: ---
Assignee: Marcela Mašláňová
Reported: 2006-07-25 15:41 UTC by Orion Poplawski
Modified: 2007-11-30 22:11 UTC

Doc Type: Bug Fix
Last Closed: 2006-08-15 11:18:18 UTC

Description Orion Poplawski 2006-07-25 15:41:06 UTC
Description of problem:

Get the following after a reboot:

 --------------------- Selinux Audit Begin ------------------------ 

 **Unmatched Entries** 
  audit(1153731696.924:2): enforcing=1 old_enforcing=0 auid=4294967295
  audit(1153731697.852:3): policy loaded auid=4294967295

also have seen this at times:

  audit(1153774712.599:22): user pid=1805 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  0 AV entries and 0/512 buckets used, longest chain length 0

The first two should definitely be ignored, and I imagine the second should be
as well.

Version-Release number of selected component (if applicable):

How reproducible:
every boot

Comment 1 Marcela Mašláňová 2006-08-14 14:25:21 UTC
Could you send me the part of /var/log/messages which speaks about SELinux? I
need to know the source for logwatch.

Comment 2 Orion Poplawski 2006-08-14 16:54:01 UTC
Aug 14 06:51:41 lynx kernel: audit(1155538246.660:2): enforcing=1 old_enforcing=0 auid=4294967295
Aug 14 06:51:41 lynx kernel: audit(1155538247.000:3): policy loaded auid=4294967295
Aug 13 18:18:50 lynx kernel: audit(1155514730.555:389): user pid=2081 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  8 AV entries and 8/512 buckets used, longest chain length 1

Comment 3 Daniel Walsh 2006-08-15 11:37:25 UTC
I believe these are standard audit messages and are not SELinux reporting any

Comment 4 Steve Grubb 2006-08-15 13:10:04 UTC
Yes, these are standard audit messages and logwatch needs to be updated to
ignore them.
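
The filtering this thread asks of logwatch, sketched as an added Python example (not logwatch's own Perl code and not part of the bug report). The function names, the two constructed sample lines, and the choice to keep reporting a switch to permissive mode are assumptions of the example.

```python
import re

# Patterns for the three message types quoted in this report.
AUDIT_RE = re.compile(r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)")
ENFORCING_RE = re.compile(r"enforcing=(?P<new>[01]) old_enforcing=(?P<old>[01])\b")
POLICY_RE = re.compile(r"policy loaded\b")
AVC_STATS_RE = re.compile(
    r"avc:\s+\d+ AV entries and \d+/\d+ buckets used, longest chain length \d+")


def classify(line):
    """Return 'ignore', 'report' or 'unmatched' for one syslog line."""
    m = AUDIT_RE.search(line)
    if not m:
        return "unmatched"
    body = m.group("body")
    e = ENFORCING_RE.search(body)
    if e:
        # Assumption of this example: only a switch *to* enforcing is noise;
        # a switch to permissive (enforcing=0) stays in the report.
        return "ignore" if e.group("new") == "1" else "report"
    if POLICY_RE.match(body) or AVC_STATS_RE.search(body):
        return "ignore"
    return "unmatched"


def summarize(lines):
    """Group lines by classification, dropping the ignored ones."""
    out = {"report": [], "unmatched": []}
    for line in lines:
        kind = classify(line)
        if kind != "ignore":
            out[kind].append(line)
    return out


# First three lines are from Comment 2; the last two are constructed samples.
SAMPLE = [
    "Aug 14 06:51:41 lynx kernel: audit(1155538246.660:2): enforcing=1 old_enforcing=0 auid=4294967295",
    "Aug 14 06:51:41 lynx kernel: audit(1155538247.000:3): policy loaded auid=4294967295",
    "Aug 13 18:18:50 lynx kernel: audit(1155514730.555:389): user pid=2081 uid=81 auid=4294967295 "
    "subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  8 AV entries and 8/512 buckets used, longest chain length 1",
    "Aug 14 07:02:10 lynx kernel: audit(1155538930.120:41): enforcing=0 old_enforcing=1 auid=500",
    "Aug 14 07:03:00 lynx kernel: audit(1155538980.500:42): some message no pattern covers",
]

if __name__ == "__main__":
    for kind, lines in summarize(SAMPLE).items():
        print(kind, *lines, sep="\n  ")
```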
