Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing List
subject: Question - dac_override/dac_read_search Date: Fri, 04 Mar 2005 05:19:07 -0500
This specific case is running depmod -a as root. audit(1109930761.807:0): avc: denied { dac_override } for pid=4678 exe=/sbin/depmod capability=1 scontext=root:sysadm_r:depmod_t tcontext=root:sysadm_r:depmod_t tclass=capability audit(1109930761.807:0): avc: denied { dac_read_search } for pid=4678 exe=/sbin/depmod capability=2 scontext=root:sysadm_r:depmod_t tcontext=root:sysadm_r:depmod_t tclass=capability
--
-- subject: Re: Question - dac_override/dac_read_search Date: Mon, 07 Mar 2005 16:03:10 -0500
Happens when the program attempts to access a file in a way that violates the DAC permissions, i.e. file mode bits. Commonly occurs when a root process is running in a user directory or operating on a user file, as it may need to override DAC to access the directory or file. -- Stephen Smalley <sds@tycho.nsa.gov> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.
|
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |