On 02/18/2010 04:43 PM, Scott Salley wrote:
for pid=3158 comm="lsassd" name="CORPQA" dev=dm-0 ino=195681 scontext=unconfined_u:system_r:lsassd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir type=SYSCALL msg=audit(1266523695.550:22225): arch=c000003e syscall=188 success=yes exit=0 a0=7fab640399f0 a1=3ea9415649 a2=7fab64027990 a3=21 items=0 ppid=2790 pid=3158 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="lsassd" exe="/usr/sbin/lsassd" subj=unconfined_u:system_r:lsassd_t:s0 key=(null)
Run the avc through audit2why