Bug 200116 - Unmatched audit messages
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: logwatch
Version: 5
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Marcela Mašláňová
Reported: 2006-07-25 11:41 EDT by Orion Poplawski
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-08-15 07:18:18 EDT


Description Orion Poplawski 2006-07-25 11:41:06 EDT
Description of problem:

Get the following after a reboot:

 --------------------- Selinux Audit Begin ------------------------ 

 **Unmatched Entries** 
  audit(1153731696.924:2): enforcing=1 old_enforcing=0 auid=4294967295
  audit(1153731697.852:3): policy loaded auid=4294967295

also have seen this at times:

  audit(1153774712.599:22): user pid=1805 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  0 AV entries and 0/512 buckets used, longest chain length 0

The first two should definitely be ignored, and I imagine the second should be
as well.

Version-Release number of selected component (if applicable):
logwatch-7.2.1-1.fc5

How reproducible:
every boot

Comment 1 Marcela Mašláňová 2006-08-14 10:25:21 EDT
Hello,
could you send me the part of /var/log/messages which speaks about SELinux? I
need to know the source for logwatch.

Comment 2 Orion Poplawski 2006-08-14 12:54:01 EDT
Aug 14 06:51:41 lynx kernel: audit(1155538246.660:2): enforcing=1 old_enforcing=0 auid=4294967295
Aug 14 06:51:41 lynx kernel: audit(1155538247.000:3): policy loaded auid=4294967295
Aug 13 18:18:50 lynx kernel: audit(1155514730.555:389): user pid=2081 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  8 AV entries and 8/512 buckets used, longest chain length 1

Comment 3 Daniel Walsh 2006-08-15 07:37:25 EDT
I believe these are standard audit messages and are not SELinux reporting any
problems.

Comment 4 Steve Grubb 2006-08-15 09:10:04 EDT
Yes, these are standard audit messages and logwatch needs to be updated to
ignore them.
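
Added example, not part of the bug thread and not logwatch's own code (logwatch is written in Perl): a Python filter that classifies the three record types quoted above as routine audit status messages and leaves every other audit record, here a constructed AVC denial, in the unmatched list. Treating only transitions to `enforcing=1` as routine is an assumption of this example, and the names `HEADER`, `STATUS`, `classify` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the kernel lines quoted in this report (wrapped records
# joined), plus one constructed AVC denial that must stay visible.
SAMPLE = """\
Aug 14 06:51:41 lynx kernel: audit(1155538246.660:2): enforcing=1 old_enforcing=0 auid=4294967295
Aug 14 06:51:41 lynx kernel: audit(1155538247.000:3): policy loaded auid=4294967295
Aug 13 18:18:50 lynx kernel: audit(1155514730.555:389): user pid=2081 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  8 AV entries and 8/512 buckets used, longest chain length 1
Aug 14 07:02:10 lynx kernel: audit(1155538930.112:41): avc:  denied  { read } for  pid=2301 comm="httpd" name="shadow" dev=dm-0 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

# audit(<epoch>.<msec>:<serial>): <record body>
HEADER = re.compile(r"audit\((\d+\.\d+):(\d+)\):\s*(.*)$")

# Routine status records. Assumption of this example: only a switch *to*
# enforcing mode is routine; enforcing=0 falls through and is still reported.
STATUS = [
    ("enforcing enabled", re.compile(r"^enforcing=1 old_enforcing=[01] auid=\d+$")),
    ("policy loaded", re.compile(r"^policy loaded auid=\d+$")),
    ("avc cache stats", re.compile(
        r"msg='avc:\s+\d+ AV entries and \d+/\d+ buckets used, longest chain length \d+")),
]

def classify(line):
    """Return (serial, label), (serial, None) if unknown, or None if not an audit line."""
    m = HEADER.search(line)
    if not m:
        return None
    serial, body = int(m.group(2)), m.group(3).strip()
    for label, pattern in STATUS:
        if pattern.search(body):
            return serial, label
    return serial, None

def summarize(text):
    """Count routine status records and collect audit lines that need review."""
    status, unmatched = Counter(), []
    for line in text.splitlines():
        result = classify(line)
        if result is None:
            continue
        if result[1]:
            status[result[1]] += 1
        else:
            unmatched.append(line)
    return status, unmatched

if __name__ == "__main__":
    print(summarize(SAMPLE))
```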
