I'm seeing this in /var/log/messages:
Oct 7 20:46:25 centos dbus: Can't send to audit system: USER_AVC avc: received setenforce notice (enforcing=0) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)
Some googling suggested this was due to a policy issue a year ago, but I'm seeing it with selinux-policy-targeted-2.4.6-30.el5.
I've got a game server program (Enemy Territory Quake Wars 1.1) that fails to resolve a DNS entry unless I setenforce 0, and I'd like to find the audit entry that tells me why. Is this messages entry an indication that that auditing is broken?
--On Sunday, October 07, 2007 11:19 PM -0700 Kenneth Porter shiva@sewingwitch.com wrote:
I've got a game server program (Enemy Territory Quake Wars 1.1) that fails to resolve a DNS entry unless I setenforce 0, and I'd like to find the audit entry that tells me why. Is this messages entry an indication that that auditing is broken?
Ah, looks like SELinux logs to /var/log/audit/audit.log. I didn't see any etqw entries in there and after re-enabling SELinux, etqw could still query its server, so something else must be afoot.
-
Kenneth Porter