On Tuesday 16 May 2006 13:23, Steve Grubb wrote: > AFAICT, there are 2 places where an access decision is made, > audit_netlink_ok in kernel/audit.c. And the other place is > selinux_nlmsg_lookup in security/selinux/nlmsgtab.c. I think you'd want to > patch your kernel to printk its access decision results in both of those > functions. That should tell us something about what's going on.
Mike, Did you ever patch your kernel to get more info or did this problem go away in the latest kernel (lspp.26)? -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
