On 2/5/20 2:49 AM, Ed Greshko wrote:
On 2020-02-04 10:59, sean darcy wrote:
syslog has this every 10 seconds:
audit[1039229]: AVC avc: denied { read } for pid=1039229 comm="rpm" name="Providename"
dev="dm-1" ino=2622531 scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:
On 2/5/20 1:39 PM, Thomas Cameron wrote:
On 2/4/20 9:51 AM, sean darcy wrote:
How would I find that out ?
# ps aux | grep setroubleshootd
root 1247827 0.0 0.0 112564 896 pts/0 S+ 10:41 0:00
grep --color=auto setroubleshootd
# ps aux | grep sealert
root 1250561 0.0 0.0 112
On 2/4/20 9:51 AM, sean darcy wrote:
How would I find that out ?
# ps aux | grep setroubleshootd
root 1247827 0.0 0.0 112564 896 pts/0 S+ 10:41 0:00
grep --color=auto setroubleshootd
# ps aux | grep sealert
root 1250561 0.0 0.0 112432 896 pts/0 S+ 10:49 0:00
grep
On 2020-02-04 10:59, sean darcy wrote:
> syslog has this every 10 seconds:
>
> audit[1039229]: AVC avc: denied { read } for pid=1039229 comm="rpm"
> name="Providename" dev="dm-1" ino=2622531
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=unconfined_u:object_r:var_lib_t:s0 tclass
On 2/4/20 7:51 AM, sean darcy wrote:
From the setroubleshootd man page:
setroubleshootd is a system daemon which runs under setroubleshoot user
and listens for audit events emitted from the kernel related to
SELinux.
Not very helpful, but it doesn't seem there's any daemon running.
On 2/3/20 10:02 PM, Samuel Sieb wrote:
On 2/3/20 6:59 PM, sean darcy wrote:
syslog has this every 10 seconds:
audit[1039229]: AVC avc: denied { read } for pid=1039229 comm="rpm"
name="Providename" dev="dm-1" ino=2622531
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u
On 2/3/20 6:59 PM, sean darcy wrote:
syslog has this every 10 seconds:
audit[1039229]: AVC avc: denied { read } for pid=1039229 comm="rpm"
name="Providename" dev="dm-1" ino=2622531
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permi
syslog has this every 10 seconds:
audit[1039229]: AVC avc: denied { read } for pid=1039229 comm="rpm"
name="Providename" dev="dm-1" ino=2622531
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
setroubleshootd[1036631]: erro