Red Hat Bugzilla – Bug 224620
AVC_PATH audit records
Last modified: 2007-11-30 17:07:41 EST
Description of problem:
When no audit rules are loaded and an avc is logged from SE Linux, we are not
getting the AUDIT_AVC_PATH record. The SE Linux users really would like this
information since it identifies the file that is involved in the avc.
Version-Release number of selected component (if applicable):
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
patch posted on linux-audit and selinux list, ACKed, backport
posted on rhkernel-list, got one ACK and no NAKs.
moving to state POST since it was posted to the internal list.
You can download this test kernel from http://people.redhat.com/dzickus/el5
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.