Lately (few weeks), when I shut the computer down, a long message (3-4 lines) about auditd appears.
I wonder whether this is a problem or just regular behaviour.
I have audit-1.4.2-3.fc6.
This is the output of 'dmesg | grep audit':
Code:
audit: initializing netlink socket (disabled)
audit(1174659000.804:1): initialized
audit(1174659010.035:2): policy loaded auid=4294967295
audit(1174659036.095:3): avc: denied { getattr } for pid=1563 comm="mount.ntfs" name="modprobe" dev=dm-0 ino=5537974 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
audit(1174659036.096:4): avc: denied { execute } for pid=1564 comm="mount.ntfs" name="bash" dev=dm-0 ino=3309776 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
audit(1174659036.096:5): avc: denied { execute_no_trans } for pid=1564 comm="mount.ntfs" name="bash" dev=dm-0 ino=3309776 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
audit(1174659036.096:6): avc: denied { read } for pid=1564 comm="mount.ntfs" name="bash" dev=dm-0 ino=3309776 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
audit(1174659036.098:7): avc: denied { getattr } for pid=1564 comm="sh" name="bash" dev=dm-0 ino=3309776 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
audit(1174659036.099:8): avc: denied { execute } for pid=1564 comm="sh" name="modprobe" dev=dm-0 ino=5537974 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
audit(1174659036.099:9): avc: denied { execute_no_trans } for pid=1564 comm="sh" name="modprobe" dev=dm-0 ino=5537974 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
audit(1174659036.099:10): avc: denied { read } for pid=1564 comm="sh" name="modprobe" dev=dm-0 ino=5537974 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
audit(1174659036.101:11): avc: denied { read } for pid=1564 comm="modprobe" name="modprobe.conf" dev=dm-0 ino=8880199 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:modules_conf_t:s0 tclass=file
audit(1174659036.101:12): avc: denied { getattr } for pid=1564 comm="modprobe" name="modprobe.conf" dev=dm-0 ino=8880199 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:modules_conf_t:s0 tclass=file
audit(1174659036.101:13): avc: denied { read } for pid=1564 comm="modprobe" name="modules.dep" dev=dm-0 ino=1640929 scontext=system_u:system_r:mount_t:s0 tcontext=root:object_r:modules_dep_t:s0 tclass=file
audit(1174659036.101:14): avc: denied { getattr } for pid=1564 comm="modprobe" name="modules.dep" dev=dm-0 ino=1640929 scontext=system_u:system_r:mount_t:s0 tcontext=root:object_r:modules_dep_t:s0 tclass=file
audit(1174659036.139:15): avc: denied { read write } for pid=1564 comm="modprobe" name="fuse.ko" dev=dm-0 ino=1640133 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
audit(1174659036.139:16): avc: denied { lock } for pid=1564 comm="modprobe" name="fuse.ko" dev=dm-0 ino=1640133 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
audit(1174659036.140:17): avc: denied { getattr } for pid=1564 comm="modprobe" name="fuse.ko" dev=dm-0 ino=1640133 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
audit(1174659036.141:18): avc: denied { sys_module } for pid=1564 comm="modprobe" capability=16 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:system_r:mount_t:s0 tclass=capability
audit(1174659036.420:19): avc: denied { mount } for pid=1572 comm="fusermount" name="/" dev=hda1 ino=1 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
audit(1174659051.226:20): audit_pid=2028 old=0 by auid=4294967295 subj=system_u:system_r:auditd_t:s0
Thanks in advance,
O.R.