4

SELinux does not allow auditd to start the process (named myplagin) and does not log the reason in the /var/log/audit/audit.log. The only mention of the denial I found in the /var/log/messages: Centos8 auditd[3119]: Unable to stat /home/cust/myplagin (Permission denied), but I would like to see an audit.log-style denial (type=AVC msg=audit(1705309402.866:1150): avc: denied) to understand what new rules need to be added to the policy.

If you switch SELinux to the Permissive mode, myplagin starts without problems

Improve this question

1 Answer 1

Reset to default
3

There are some denials that don't output anything in the audit log file.

To see these denials, you can temporarily disable "dontaudit" rules with:

semodule -DB

And enable them again once you finished to diagnose:

semodule -B

Source

Improve this answer
3
  • unfortunately it didn't help Commented Feb 8, 2024 at 14:06
  • It means you don't have more logs in /var/log/audit/audit.log? You have nothing with audit2allow -a either? Commented Feb 8, 2024 at 15:23
  • I started getting more denied logs in audit.log and messages.log after this command, but still no denied log about myplagin Still, there is only a single mention of Unable to stat in messages.log and that’s it Commented Feb 8, 2024 at 16:46

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.