Daniel J Walsh wrote:
> Linda Knippers wrote:
>
>> Loulwa Salem wrote:
>>
>>> I was running some test cases and ran into a scenario where secadm_r was
>>> permitted to write to /var/log/audit/audit.log
>>> I was not expecting secadm to be able to perform that operation. However
>>> secadm_r was denied appends to the log, and I get AVC messages for
>>> append perms in the log (See output below)
>>>
>>> I am running with the latest .74 kernel and policy.54 in Enforcing
>>> of course
>>>
>>> It doesn't really make sense to me that secadm can completely overwrite
>>> the audit log but can't append to it. I didn't think secadm should even
>>> have write permission to audit log in the first place
>>>
>>> Any thoughts on this .. ?
>>
>> I think one way or another, you've uncovered a bug and should file a
>> bugzilla. Either the append should work or the truncate/write
>> shouldn't. I can envision cases where one might want to allow
>> someone to append but not truncate but you're seeing the opposite.
>>
>> I don't recall whether this is supposed to work for secadm_r or
>> not but I'm thinking that it should. I assume both operations work
>> with sysadm_r?
>
> I am getting permission denied in either case.

Me too. sysadm_r can do both operations. secadm_r can do neither.

-- ljk
