Hi, folks,

CentOS 7.1. SELinux policy, and targeted, updated two days ago.

May 28 17:02:41 <servername> python: SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/bash.#012#012***** <...>
May 28 17:02:45 <servername> python: SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/uname.#012#012***** <...>
May 28 17:02:45 <servername> python: SELinux is preventing /usr/bin/uname from execute_no_trans access on the file /usr/bin/uname.#012#012***** <...>
May 28 17:02:47 <servername> python: SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/mailx.#012#012***** <...>

I did do an ll -Z /usr/bin, and everything looks correct (system_u:object_r:bin_t:s0). Given that, looks to me like a policy bug. No? Yes? File a bug report?

        mark

On 29 May 2015 at 16:27, <m.roth at 5-cent.us> wrote:

> Hi, folks,
>
> CentOS 7.1. SELinux policy, and targeted, updated two days ago.
>
> May 28 17:02:41 <servername> python: SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/bash.#012#012***** <...>
> May 28 17:02:45 <servername> python: SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/uname.#012#012***** <...>
> May 28 17:02:45 <servername> python: SELinux is preventing /usr/bin/uname from execute_no_trans access on the file /usr/bin/uname.#012#012***** <...>
> May 28 17:02:47 <servername> python: SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/mailx.#012#012***** <...>
>
> I did do an ll -Z /usr/bin, and everything looks correct
> (system_u:object_r:bin_t:s0). Given that, looks to me like a policy bug.
> No? Yes? File a bug report?
>
> mark

I saw the same behaviour this morning, however the labels changed to "unlabelled" for a number of programs; e.g. /etc/ssh/sshd_config, /etc/shadow, /etc/pam/* and a few others.

I saw this after I was not able to log in to my laptop, logged in to single user mode and saw tonnes of SELinux errors and changed it from enforcing to permissive and then I was able to restore the labels.

Most certainly believe it's a bug.

--
Kind Regards
Earl Ramirez

What is your environment set up for? Is this just straight out of the box, or have you hardened the systems any?

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Earl A Ramirez
Sent: Friday, May 29, 2015 10:53 AM
To: CentOS mailing list
Subject: Re: [CentOS] CentOS 7 selinux policy bug

On 29 May 2015 at 16:27, <m.roth at 5-cent.us> wrote:

> Hi, folks,
>
> CentOS 7.1. SELinux policy, and targeted, updated two days ago.
>
> May 28 17:02:41 <servername> python: SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/bash.#012#012***** <...>
> May 28 17:02:45 <servername> python: SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/uname.#012#012***** <...>
> May 28 17:02:45 <servername> python: SELinux is preventing /usr/bin/uname from execute_no_trans access on the file /usr/bin/uname.#012#012***** <...>
> May 28 17:02:47 <servername> python: SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/mailx.#012#012***** <...>
>
> I did do an ll -Z /usr/bin, and everything looks correct
> (system_u:object_r:bin_t:s0). Given that, looks to me like a policy bug.
> No? Yes? File a bug report?
>
> mark

I saw the same behaviour this morning, however the labels changed to "unlabelled" for a number of programs; e.g. /etc/ssh/sshd_config, /etc/shadow, /etc/pam/* and a few others.

I saw this after I was not able to log in to my laptop, logged in to single user mode and saw tonnes of SELinux errors and changed it from enforcing to permissive and then I was able to restore the labels.

Most certainly believe it's a bug.

--
Kind Regards
Earl Ramirez
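
Added example, not part of any message in this thread: the syslog summaries quoted above name only the executable and the target file, while SELinux decides on source type, target type, class and permission. The Python below pulls those fields from raw AVC records so the two cases reported in the thread (targets labelled bin_t, and targets that became unlabelled) can be told apart. The sample records, the example_t domain and the verdict names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records in audit.log AVC format (not taken from the thread).
# example_t is a hypothetical source domain; pids, inodes and timestamps are made up.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1432846961.101:501): avc:  denied  { execute } for  pid=2101 comm="bash" name="uname" dev="dm-0" ino=1001 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1432846965.202:502): avc:  denied  { execute_no_trans } for  pid=2102 comm="uname" path="/usr/bin/uname" dev="dm-0" ino=1001 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1432890000.303:610): avc:  denied  { read } for  pid=900 comm="sshd" name="sshd_config" dev="dm-0" ino=2002 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
type=SYSCALL msg=audit(1432890000.303:610): arch=c000003e syscall=2 success=no exit=-13
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)')

def parse_avc(line):
    """Return a dict for one AVC denial, or None for any other record type."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split('=', 1) for kv in m.group('fields').split() if '=' in kv)
    rec = {k: v.strip('"') for k, v in rec.items()}
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; the type is what policy rules refer to.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec

def triage(rec):
    """'relabel' when the target has lost its label; otherwise the file label is
    intact and the question is the source domain or a missing policy rule."""
    return 'relabel' if rec['target_type'] == 'unlabeled_t' else 'domain-or-policy'

def summarize(log_text):
    """Count denials per (verdict, source type, target type, class, permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            for perm in rec['perms']:
                counts[(triage(rec), rec['source_type'], rec['target_type'],
                        rec['tclass'], perm)] += 1
    return counts

if __name__ == '__main__':
    for key, n in sorted(summarize(SAMPLE_AUDIT_LOG).items()):
        print(n, *key)
```

The tuples it prints are the details a policy bug report needs; a 'relabel' verdict instead points at restoring file labels, as described in the second message.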