search for: avc

...by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep smtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp grep 546AA6099F /var/log/audit/audit.log | audit2why type=AVC msg=audit(1398199187.646:29332): avc: denied { getattr } for pid=23387 comm="smtp" path="/var/spool/postfix/active/546AA6099F" dev=dm-0 ino=395679 scontext=unconfined_u:system_r:postfix_smtp_t:s0 tcontext=unconfined_u:object_r:postfix_spool_maildrop_t:s0 tclass=file Was caus...

...story is this: Gnome3 user wants to burn a CD/DVD. The system is selinux enforcing, selinux boolean cdrecord_read_content is set to on, and the user is confined to staff_u. When the user runs Brasero to burn a disk, the burn operation fails. /var/log/audit/audit.log contains the following: type=AVC msg=audit(1556724762.446:1133340): avc: denied { read } for pid=8296 comm="growisofs" name="devices" dev="proc" ino=4026532225 scontext=staff_u:staff_r:cdrecord_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0 type=AVC msg=audit(1556724...

...rt would probably be helpful. I'm looking back at the message you wrote describing errors in ld-2.17.so. I think what's happening is that the policy on your system includes a silent rule that somehow breaks your system. You'll need to turn on debugging (logging the otherwise silent AVCs) to figure this out, in order to provide information that the maintainers can use to actually fix the problem. So, similar to the previous process: 1: semodule -DB 2: setenforce permissive 3: tail -f /var/log/audit/audit.log | grep AVC 4: use the service, exercise each function that's cons...

...virt_image_t:s0:c281,c675 /dev/sdf [root at srv-1.home ~]# ps axwZ | grep smart[d] system_u:system_r:fsdaemon_t:s0 1762 ? S 0:00 /usr/sbin/smartd -q never When I restarts smartd next messages appears in audit.log: [root at srv-1.home ~]# tail -F /var/log/audit/audit.log | grep type=AVC type=AVC msg=audit(1357993548.964:8529): avc: denied { getattr } for pid=21321 comm="smartd" path="/dev/sdc" dev=devtmpfs ino=6327 scontext=unconfined_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:svirt_image_t:s0:c281,c675 tclass=blk_file type=AVC msg=audit(1357993548....

...pful. > > I'm looking back at the message you wrote describing errors in > ld-2.17.so. I think what's happening is that the policy on your > system includes a silent rule that somehow breaks your system. You'll > need to turn on debugging (logging the otherwise silent AVCs) to > figure this out, in order to provide information that the maintainers > can use to actually fix the problem. > > So, similar to the previous process: > > 1: semodule -DB > 2: setenforce permissive > 3: tail -f /var/log/audit/audit.log | grep AVC > 4: use the serv...

Hi all, I have some AVC in the logs and wonder how to resolve this: Under EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs. # tail -1 /etc/fstab tmpfs /var/lib/php/session tmpfs defaults,noatime,mode=770,gid=apache,size=16777216,context="system_u:object_r:httpd_var_run_t:s0" 0 0 # df...

Am 26.07.20 um 12:23 schrieb Strahil Nikolov: > > ?? 25 ??? 2020 ?. 14:20:19 GMT+03:00, Leon Fauster via CentOS <centos at centos.org> ??????: >> Hi all, >> >> I have some AVC in the logs and wonder how to resolve this: Under >> EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs. >> >> >> # tail -1 /etc/fstab >> tmpfs /var/lib/php/session tmpfs >> defaults,noatime,mode=770,gid=apache,size=16777216,context="syst...

On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote: > https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html > > If disabling Selinux solves your problem, then your problem may be related > to Selinux. > If it does not change yout problem, you may want to look

...ibvirt/images /home/aik/virtimg: -rwxrwxrwx. root root system_u:object_r:virt_content_t:s0 Fedora-18-ppc64-DVD.iso /var/lib/libvirt/images: -rwxrwxrwx. root root system_u:object_r:virt_image_t:s0 fc18guest However "virsh -c qemu:///system create libvirtguest-aik.xml" failes with "avc: denied { dac_override }" and "avc: denied { dac_read_search }". Also, there is "user system_u is not defined" in /var/log/messages what is confusing as "semanage user -l" says it is there. If I simply move Fedora-18-ppc64-DVD.iso to /var/lib/libvirt/images...

...ssing the astdb.sqlite3 file? > > Permissions for this file are... > [root at localhost ~]# ls -l /var/lib/asterisk/astdb.sqlite3 > -rw-r--r--. 1 root root 5120 Mar 15 09:39 /var/lib/asterisk/astdb.sqlite3 > > > [root at localhost ~]# tail -f /var/log/audit/audit.log > type=AVC msg=audit(1489588773.253:1171): avc: denied { read } for pid=3838 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588773.25...

I am seeing these in the log of one of our off-site NX hosts running CentOS-6.6. type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket Was caused by: Missing type enforcement (TE) allow rule. Y...

...1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300 items=0 ppid=19417 pid=19418 auid=unset uid=lighttpd gid=lighttpd euid=root suid=root fsuid=root egid=lighttpd sgid=lighttpd fsgid=lighttpd tty=(none) ses=unset comm=sendmail exe=/usr/sbin/exim subj=system_u:system_r:httpd_sys_script_t:s0 key=(null) type=AVC msg=audit(09/22/2017 12:08:29.911:1023) : avc: denied { setgid } for pid=19418 comm=sendmail capability=setgid scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:httpd_sys_script_t:s0 tclass=capability type=SYSCALL msg=audit(09/15/2017 12:12:14.551:31746) : arch=x86_64...

Fix formatting of Flask AVC audit messages so that existing policy tools can parse them. After applying, ''xm dmesg | audit2allow'' yields the expected result. Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil> --- xen/xsm/flask/a...

...I guess this is a bit OT but perhaps someone has encountered this issue before. On a CentOS 6.3 x86_64 box I have installed postfix and dspam from EPEL. Dspam is configured to listen on port 10026. After having configured dspam and postfix I start dspam and then postfix and I see the following AVC message in audit.log: type=AVC msg=audit(1350920492.936:400): avc: denied { name_bind } for pid=19971 comm="master" src=10026 scontext=unconfined_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:postfix_master_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1350920492.936:4...

Hi Leon, I don't have access to a CentOS 6.10 system handy, but it looks like a policy issue. If I take you're ausearch output and pipe it to audit2allow on my CentOS 7.6 system, I get the following: #============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t httpd_sys_script_t:process signull; Noting that on my 7.6 system with selinux enforcing with selinux policy packages at version 3.13.1-229, it notes that your denial would not happen. If you don't have it installed policycoreutils-python provides...

Hi Leon, have you tried mounting with 'httpd_sys_rw_content_t' instead of 'httpd_var_run_t' ? Best Regards, Strahil Nikolov ?? 25 ??? 2020 ?. 14:20:19 GMT+03:00, Leon Fauster via CentOS <centos at centos.org> ??????: >Hi all, > >I have some AVC in the logs and wonder how to resolve this: Under >EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs. > > ># tail -1 /etc/fstab >tmpfs /var/lib/php/session tmpfs >defaults,noatime,mode=770,gid=apache,size=16777216,context="system_u:object_r:httpd_var_run...

On 04/28/2017 12:06 AM, Robert Moskowitz wrote: > > Here are the messages I got: > > type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } > for pid=3047 comm="cleanup" > scontext=system_u:system_r:postfix_master_t:s0 > tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process > permissive=1 My advice would be to slow down, and solve one pro...

...[FAILED] [root at localhost ~]# After some research, I found this (dated) link http://www.redhat.com/archives/rhl-list/2005-July/msg02443.html and followed the suggestion, setsebool -P use_nfs_home_dirs=1. But I still can't start httpd. Not sure what to make of the audit log: type=AVC msg=audit(1329395502.678:61926): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir type=SYSCALL msg=audit(1329395502.678:61926): arch=c000003e syscall=4 succe...

...: SELinux is preventing the deliver from using potentially mislabeled files (2F746D702F646F7665636F742E64656C697665722E2E313233313235363636372E373934302E35336630663930386635613937373132202864656C6574656429). For complete SELinux messages. run sealert -l afe6e0ae-8c2e-4882-925b-b15e26da2a15 And the AVCs for those: node=jukebox.alleroedderne.adsl.dk type=AVC msg=audit(1231439791.493:10819): avc: denied { search } for pid=9073 comm="deliver" name="tmp" dev=sda3 ino=786433 scontext=system_u:system_r:dovecot_deliver_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir node=juke...

I am seeing these avc messages on a newly commissioned and up-to-date CentOs-6 virtual guest: ---- time->Thu Dec 4 12:14:58 2014 type=SYSCALL msg=audit(1417713298.610:60522): arch=c000003e syscall=2 success=no exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698 pid=4294 auid=0 uid=0 gid=0 euid=0 suid=0 fsui...