
Here is a Fedora 12 message testing the chown capability with full auditing.

type=PATH msg=audit(01/20/2010 14:43:20.785:41253) : item=0 name=./capable_file/temp_file inode=841249 dev=fd:00 mode=file,644 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:test_file_t:s0

type=CWD msg=audit(01/20/2010 14:43:20.785:41253) : cwd=/home/dwalsh/selinux-testsuite/tests

type=SYSCALL msg=audit(01/20/2010 14:43:20.785:41253) : arch=x86_64 syscall=fchownat success=no exit=-1(Operation not permitted) a0=ffffffffffffff9c a1=1687310 a2=2 a3=ffffffff items=1 ppid=5167 pid=5182 auid=dwalsh uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=1110 comm=chown exe=/bin/chown subj=unconfined_u:unconfined_r:test_nofcap_t:s0-s0:c0.c1023 key=(null)

type=AVC msg=audit(01/20/2010 14:43:20.785:41253) : avc: denied { chown } for pid=5182 comm=chown capability=chown scontext=unconfined_u:unconfined_r:test_nofcap_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:test_nofcap_t:s0-s0:c0.c1023 tclass=capability
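The four records above belong to a single event: each carries the same timestamp and serial number inside msg=audit(...). As an added example (not part of the original post), the Python below groups records by that pair and joins each AVC denial with its SYSCALL, CWD and PATH context. The function names are hypothetical and the final sample record is constructed.

```python
import re
from collections import defaultdict

HEADER = re.compile(r"^type=(\S+) msg=audit\((.*?):(\d+)\) : (.*)$")
FIELD = re.compile(r"(\w+)=(\S*?\([^)]*\)|\S+)")  # value may be "-1(Operation not permitted)"
AVC = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}")

def group_events(lines):
    """Group records by (timestamp, serial); records of one event share both."""
    events = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = HEADER.match(line.strip())
        if not m:
            continue  # blank or non-audit line
        rtype, stamp, serial, body = m.groups()
        fields = dict(FIELD.findall(body))
        avc = AVC.search(body)
        if avc:  # the permission list sits inside { ... }, not in key=value form
            fields["result"], fields["perms"] = avc.group(1), avc.group(2).split()
        events[(stamp, int(serial))][rtype].append(fields)
    return events

def denials(events):
    """Join each denied AVC with the first SYSCALL, CWD and PATH record of its event."""
    out = []
    for (stamp, serial), recs in sorted(events.items()):
        for avc in recs.get("AVC", []):
            if avc["result"] != "denied":
                continue
            sc, path, cwd = (recs.get(t, [{}])[0] for t in ("SYSCALL", "PATH", "CWD"))
            out.append({"serial": serial, "perms": avc["perms"], "tclass": avc.get("tclass"),
                        "scontext": avc.get("scontext"), "syscall": sc.get("syscall"),
                        "exit": sc.get("exit"), "exe": sc.get("exe"), "auid": sc.get("auid"),
                        "path": path.get("name"), "obj": path.get("obj"), "cwd": cwd.get("cwd")})
    return out

# First four records are the ones shown above; the last is a constructed, unrelated event.
SAMPLE = """\
type=PATH msg=audit(01/20/2010 14:43:20.785:41253) : item=0 name=./capable_file/temp_file inode=841249 dev=fd:00 mode=file,644 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:test_file_t:s0
type=CWD msg=audit(01/20/2010 14:43:20.785:41253) : cwd=/home/dwalsh/selinux-testsuite/tests
type=SYSCALL msg=audit(01/20/2010 14:43:20.785:41253) : arch=x86_64 syscall=fchownat success=no exit=-1(Operation not permitted) a0=ffffffffffffff9c a1=1687310 a2=2 a3=ffffffff items=1 ppid=5167 pid=5182 auid=dwalsh uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=1110 comm=chown exe=/bin/chown subj=unconfined_u:unconfined_r:test_nofcap_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(01/20/2010 14:43:20.785:41253) : avc: denied { chown } for pid=5182 comm=chown capability=chown scontext=unconfined_u:unconfined_r:test_nofcap_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:test_nofcap_t:s0-s0:c0.c1023 tclass=capability
type=SYSCALL msg=audit(01/20/2010 14:43:21.102:41254) : arch=x86_64 syscall=open success=yes exit=3 comm=cat exe=/bin/cat
"""

if __name__ == "__main__":
    for d in denials(group_events(SAMPLE.splitlines())):
        print(d)
```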
