From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 19 Jan 2011 14:23:34 -0500
Subject: [refpolicy] WARNING: at kernel/printk.c:430
	do_syslog+0x40d/0x441()
In-Reply-To: <4D372829.5090509@gmail.com>
References: <4D372829.5090509@gmail.com>
Message-ID: <4D373A36.3050504@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 01/19/11 13:06, Justin P. Mattock wrote:
> this is showing up with the latest kernel in enforcing mode..
> (I have not update the policy and/or selinux userspace)
> 
> [   12.803882] type=1400 audit(1295457694.801:3): avc:  denied  { syslog 
> } for  pid=1540 comm="rsyslogd" capability=34 
> scontext=system_u:system_r:init_t:s0 
> tcontext=system_u:system_r:init_t:s0 tclass=capability2
[cut]
> when using audit2allow I get:
> 
> allow init_t self:capability2 syslog;
> 
> which gives an error when trying to install the module, due to the 
> policy not knowing what capability2 is
> 
> system is ubuntu maverick, if this is already in(refpolicy) then I'll 
> pull the latest when I get a chance..

Support for this capability is upstream in refpolicy.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com