Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 650B0C282D7 for ; Wed, 30 Jan 2019 13:25:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 3624C2184D for ; Wed, 30 Jan 2019 13:25:57 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=coker.com.au header.i=@coker.com.au header.b="cjM9b9RE" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727101AbfA3NZ5 (ORCPT ); Wed, 30 Jan 2019 08:25:57 -0500 Received: from smtp.sws.net.au ([46.4.88.250]:50572 "EHLO smtp.sws.net.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725851AbfA3NZ4 (ORCPT ); Wed, 30 Jan 2019 08:25:56 -0500 Received: from liv.localnet (localhost [127.0.0.1]) by smtp.sws.net.au (Postfix) with ESMTP id 8C8B2ED93 for ; Thu, 31 Jan 2019 00:25:54 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au; s=2008; t=1548854755; bh=odSKdC97jHCDXEmoZs/SvIjlYZQewzQZVYdNHkXKVuk=; l=1036; h=From:To:Subject:Date:From; b=cjM9b9REqUlcQvnbJwXAk8GO+Z/TvOjc0yJGlIe1whZvXTcJDDp9qVcP8a629uQtZ UJqB7L7+xn1MDq5ZGjLCNFvQm1lpsZ9N6MTg9SZeE5+rGM8puImAGfDba03hmhw1hK x53ay2NosRkT+q2+H+GWBXSYqWcqoHWktgdzy+KM= From: Russell Coker To: "selinux-refpolicy@vger.kernel.org" Subject: strange systemd audit message Date: Thu, 31 Jan 2019 00:02:45 +1100 Message-ID: <2405565.z5mHNXCWPO@liv> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: selinux-refpolicy-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org I'm seeing the following every time I login as sysadm_r, whether it's via / bin/login or sshd. But the login works correctly anyway. Any suggestions for what I should investigate? type=PROCTITLE msg=audit(30/01/19 23:58:01.196:1595535) : proctitle=(systemd) type=SYSCALL msg=audit(30/01/19 23:58:01.196:1595535) : arch=x86_64 syscall=execve success=no exit=EACCES(Permission denied) a0=0x55f2c3008780 a1=0x55f2c2fbe740 a2=0x55f2c302f1e0 a3=0x55f2c2e06010 items=0 ppid=1 pid=19802 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=189 comm=(systemd) exe=/lib/systemd/systemd subj=system_u:system_r:init_t:s0 key=(null) type=AVC msg=audit(30/01/19 23:58:01.196:1595535) : avc: denied { transition } for pid=19802 comm=(systemd) path=/lib/systemd/systemd dev="dm-0" ino=3069920 scontext=system_u:system_r:init_t:s0 tcontext=root:sysadm_r:sysadm_t:s0 tclass=process permissive=0 -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/