Comments below... > > I've been running mostly on an i686 (Intel) with the .27 kernel and > 1.2.2 tools with the MLS policy. I've tested this on an x86_64 (AMD > opteron) and see this problem too. However, this problem does > NOT exist > when using targeted policy, so it is most likely an MLS SELinux issue. > My MLS policy is 2.2.42 > > > Can you describe more about your configuration and provide exact steps > > to reproduce the problem? > > 1) Reboot your system (so you've a clean slate) > 2) Login (tty or pty, doesn't matter, I've done both) > 3) auditctl -l > Error sending rule list request (Operation not permitted) > 4) auditctl -l > No rules (or whatever you expect to see)
Are you running enforcing or permissive? I only see this behavior on the LSPP kernels (including 28) after transitioning to permissive mode, but not on the FC5 2.6.15 2054 kernel running MLS with the same procedures. Also, I don't see this behavior the same way. I can reboot, login, newrole to auditadm_r and run auditctl -l correctly everytime. The problem behavior I see is as follows below 1) newrole to secadm_r 2) auditctl -l -- denied as expected. 3) setenforce 0 4) auditctl -l -- denied (WRONG) 5) auditctl -l -- works correctly (can repeat as many times as desired) 6) setenforce 1 -- everything is back to normal repeat from #3 to see problems again -Chad -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
