On Wednesday 18 February 2009 12:16:14 pm Dan Gruhn wrote: > I'm getting an auditctl startup SELinux violation that is showing up > with a user ID of -1 (4294967295 in my case).
-1 means that the command was run by something that was not initiated by a login. IOW, probably initscripts. > I can fix the violation, but before I do I thought I saw something a while > back about setting a parameter or defining a variable on power-up so that > one didn't get the -1 for something that came up in the wrong order. There is nothing that fixes that. This is just a statement of fact. The error originated from a non-login path. What you might be remembering is that you should put a audit=1 in the boot params of the kernel. This is so that you don't have any unauditable processes. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
