Recently I waded into the deep end of the SELinux pool by configuring it to enforce targeted policy. Unfortunately I get a seemingly endless quantity of "avc: granted" messages in my syslog, especially when I do something like mindlessly playing a Java-based poker game.

Seems to me it'd be fine if it logged only "avc: denied" events. Is there a way to configure things to do just that? Am I shunting the security intent of SELinux by doing so?

Sample log of java_vm session (about 35 seconds wall time):

Apr 3 18:57:44 localhost kernel: audit(1144108664.329:1030): avc: granted { execmem } for pid=32484 comm="java_vm" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
Apr 3 18:57:49 localhost kernel: audit(1144108669.354:1031): avc: granted { execmem } for pid=32484 comm="java_vm" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
Apr 3 18:57:49 localhost kernel: audit(1144108669.978:1032): avc: granted { execmem } for pid=32484 comm="java_vm" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
Apr 3 18:57:53 localhost kernel: audit(1144108673.818:1033): avc: granted { execmem } for pid=32484 comm="java_vm" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
Apr 3 18:57:59 localhost kernel: audit(1144108679.598:1034): avc: granted { execmem } for pid=32484 comm="java_vm" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
Apr 3 18:58:01 localhost kernel: audit(1144108681.606:1035): avc: granted { execmem } for pid=32484 comm="java_vm" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
Apr 3 18:58:05 localhost kernel: audit(1144108685.787:1036): avc: granted { execmem } for pid=32484 comm="java_vm" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process

Thanks,
Jay