Red Hat Bugzilla – Bug 503756
Denials of setenforce are not being reported in the audit.log
Last modified: 2009-06-02 16:56:54 EDT
Description of problem:
If I execute
sandbox setenforce 0
I would expect a big denial in the audit.log
# sandbox setenforce 0
/usr/sbin/setenforce: setenforce() failed
sh-4.0# ausearch -m avc -ts recent
Sadly no AVC is reported.
If I put the machine in permissive mode I do see the AVC.
#============= sandbox_t ==============
allow sandbox_t security_t:file write;
allow sandbox_t security_t:security setenforce;
Do you have dontaudit on open of security_t:file? I don't see the open...
Ditto for security_t:dir search.
You aren't ever reaching the setenforce check in enforcing mode.
I am an idiot, never mind.
I will allow domains to getattr on /selinux and search the selinux_t so that we can get them attempting to write the security_t file.
BTW There is no open of security_t.
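A small model of the mechanism the comments above describe, added here as an illustration (not code from the bug report or from selinux-policy): in enforcing mode the kernel stops at the first denied check, so a dontaudit on the early dir search / file getattr checks hides the whole attempt, while in permissive mode every check runs and the later write/setenforce denials are logged. The order of checks, the domain name and the rule sets are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    source: str   # source domain, e.g. sandbox_t
    target: str   # target type, e.g. security_t
    tclass: str   # object class
    perm: str     # permission

@dataclass
class Policy:
    allow: set = field(default_factory=set)
    dontaudit: set = field(default_factory=set)

    def check(self, rule, enforcing, audit_log):
        """Grant if allowed; otherwise log unless dontaudited, and deny only in enforcing mode."""
        if rule in self.allow:
            return True
        if rule not in self.dontaudit:
            audit_log.append(f"avc: denied {{ {rule.perm} }} scontext={rule.source} "
                             f"tcontext={rule.target} tclass={rule.tclass}")
        return not enforcing

# Order of kernel permission checks for writing /selinux/enforce (constructed approximation).
SETENFORCE_CHAIN = [
    Rule("sandbox_t", "security_t", "dir", "search"),
    Rule("sandbox_t", "security_t", "file", "getattr"),
    Rule("sandbox_t", "security_t", "file", "write"),
    Rule("sandbox_t", "security_t", "security", "setenforce"),
]

def simulate_setenforce(policy, enforcing):
    """Run the chain: enforcing mode stops at the first denial, permissive mode checks everything."""
    log = []
    for rule in SETENFORCE_CHAIN:
        if not policy.check(rule, enforcing, log):
            break
    return log

def masked_policy():
    """Policy as in the bug: the early dir search / file getattr checks are dontaudited."""
    return Policy(dontaudit={SETENFORCE_CHAIN[0], SETENFORCE_CHAIN[1]})

def fixed_policy():
    """Policy after the fix in the last comment: those two checks are allowed, so write is reached."""
    return Policy(allow={SETENFORCE_CHAIN[0], SETENFORCE_CHAIN[1]})
```

On a real system the same masking can be revealed with `semodule -DB`, which rebuilds the policy with dontaudit rules disabled (`semodule -B` restores them).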