Error Sending Status Requested Operation Not Permitted
resolved - auditd STDERR: Error deleting rule Error sending enable request (Operation not permitted)
September 19th, 2014

Today when I tried to restart auditd, I got the following error message:

    [2014-09-18T19:26:41+00:00] ERROR: service[auditd] (cookbook-devops-kernelaudit::default line 14) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
    ---- Begin output of /sbin/service auditd restart ----
    STDOUT: Stopping auditd: [ OK ]
    Starting auditd: [FAILED]
    STDERR: Error deleting rule (Operation not permitted)
    Error sending enable request (Operation not permitted)
    ---- End output of /sbin/service auditd restart ----
    Ran /sbin/service auditd restart returned 1

After reading the auditd man page, I realized that when the audit "enabled" flag is set to 2 (locked), any attempt to change the configuration in this mode will be audited and denied. That may be the reason for "STDERR: Error deleting rule (Operation not permitted)" and "Error sending enable request (Operation not permitted)".

Here is the relevant part of the auditctl man page:

    -e [0..2] Set enabled flag. When 0 is passed, this can be used to temporarily disable auditing. When 1 is passed as an argument, it will enable auditing. To lock the audit configuration so that it can't be changed, pass a 2 as the argument. Locking the configuration is intended to be the last command in audit.rules for anyone wishing this feature to be active. Any attempt to change the configuration in this mode will be audited and denied. The configuration can only be changed by rebooting the machine.

You can run auditctl -s to check the current setting:

    [root@centos-doxer
sending status request (Operation not permitted)
Date: Wed, 25 Jan 2006 22:51:01 -0500

I recently switched from FC4 targeted (enforcing) to strict (permissive) using selinux-policy-strict-1.27.1-2.16.noarch.rpm. I did a touch /.autorelabel before rebooting. I see this:

    [bruce BorgCube ~]$ su -
    Password:
    Error sending status request (Operation not permitted)
    [root BorgCube ~]#

The last part of the /var/log/audit/audit.log shows:

    type=SYSCALL msg=audit(1138247001.111:13162965): arch=40000003 syscall=5 success=yes exit=3 a0=866125b a1=c2 a2=180 a3=3a8083 items=1 pid=8250 auid=4294967295 uid=501 gid=100 euid=0 suid=0 fsuid=0 egid=100 sgid=100 fsgid=100 comm="su" exe="/bin/su"
    type=AVC msg=audit(1138247001.111:13162965): avc: denied { create } for pid=8250 comm="su" name=.xauthVpNVFy scontext=user_u:user_r:user_t tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
    type=AVC msg=audit(1138247001.111:13162965): avc: denied { add_name } for pid=8250 comm="su" name=.xauthVpNVFy scontext=user_u:user_r:user_t tcontext=root:object_r:sysadm_home_dir_t tclass=dir
    type=AVC msg=audit(1138247001.111:13162965): avc: denied { write } for pid=8250 comm="su" name=root dev=dm-0 ino=11392129 scontext=user_u:user_r:user_t tcontext=root:object_r:sysadm_home_dir_t tclass=dir
    type=SYSCALL msg=audit(1138247001.111:13162967): arch=40000003 syscall=207 success=yes exit=0 a0=3 a1=0 a2=0 a3=0 items=0 pid=8250 auid=4294967295 uid=501 gid=100 euid=0 suid=0 fsuid=0 egid=100 sgid=100 fsgid=100 comm="su" exe="/bin/su"
    type=AVC msg=audit(1138247001.111:13162967): avc: denied { setattr } for pid=8250 comm="su" name=.xauthVpNVFy dev=dm-0 ino=11392172 scontext=user_u:user_r:user_t tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
    type=USER msg=audit(1138247001.325:13165423): user pid=8250 uid=501 auid=4294967295 msg='PAM session open: user=root exe=/bin/su (hostname=?, addr=?, terminal=pts/2 result=Success)'

Any ideas? If I change to strict, enforcing, will this prevent me from su to root?

Bruce
Error sending status request (Operation not permitted)?

I get this error when I do an 'su' inside a vserver.

Update: To clear up any confusion: it's not about a webserver. vserver is a virtualization technology for Linux that will allow you to run multiple Linux'es inside your Linux session. The problem might not be vserver related. When from a command line in Linux, I try to become root, I get the message. In fact, the message appears 3 times in a row. I do successfully become root though.
Best Answer: check how you are sending the request. post / get see if your server is running properly.
Source(s): srihari_reddy_s · 1 decade a