Displaying 20 results from an estimated 440 matches for "avc".
Did you mean:
ac
2014 Apr 23
1
SELInux and POSTFIX
...by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep smtp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
grep 546AA6099F /var/log/audit/audit.log | audit2why
type=AVC msg=audit(1398199187.646:29332): avc: denied { getattr } for
pid=23387 comm="smtp" path="/var/spool/postfix/active/546AA6099F" dev=dm-0
ino=395679 scontext=unconfined_u:system_r:postfix_smtp_t:s0
tcontext=unconfined_u:object_r:postfix_spool_maildrop_t:s0 tclass=file
Was caus...
2019 May 01
1
Brasero/cdrecord/growisofs with selinux users confined to staff_u
...story is this: Gnome3 user wants to burn a CD/DVD. The
system is selinux enforcing, selinux boolean cdrecord_read_content is
set to on, and the user is confined to staff_u. When the user runs
Brasero to burn a disk, the burn operation fails.
/var/log/audit/audit.log contains the following:
type=AVC msg=audit(1556724762.446:1133340): avc: denied { read } for
pid=8296 comm="growisofs" name="devices" dev="proc" ino=4026532225
scontext=staff_u:staff_r:cdrecord_t:s0-s0:c0.c1023
tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1556724...
2017 Apr 26
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
...rt would probably be helpful.
I'm looking back at the message you wrote describing errors in
ld-2.17.so. I think what's happening is that the policy on your system
includes a silent rule that somehow breaks your system. You'll need to
turn on debugging (logging the otherwise silent AVCs) to figure this
out, in order to provide information that the maintainers can use to
actually fix the problem.
So, similar to the previous process:
1: semodule -DB
2: setenforce permissive
3: tail -f /var/log/audit/audit.log | grep AVC
4: use the service, exercise each function that's cons...
2013 Jan 12
2
selinux + kvm virtualization + smartd problem
...virt_image_t:s0:c281,c675 /dev/sdf
[root at srv-1.home ~]# ps axwZ | grep smart[d]
system_u:system_r:fsdaemon_t:s0 1762 ? S 0:00
/usr/sbin/smartd -q never
When I restarts smartd next messages appears in audit.log:
[root at srv-1.home ~]# tail -F /var/log/audit/audit.log | grep type=AVC
type=AVC msg=audit(1357993548.964:8529): avc: denied { getattr } for
pid=21321 comm="smartd" path="/dev/sdc" dev=devtmpfs ino=6327
scontext=unconfined_u:system_r:fsdaemon_t:s0
tcontext=system_u:object_r:svirt_image_t:s0:c281,c675 tclass=blk_file
type=AVC msg=audit(1357993548....
2017 Apr 28
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
...pful.
>
> I'm looking back at the message you wrote describing errors in
> ld-2.17.so. I think what's happening is that the policy on your
> system includes a silent rule that somehow breaks your system. You'll
> need to turn on debugging (logging the otherwise silent AVCs) to
> figure this out, in order to provide information that the maintainers
> can use to actually fix the problem.
>
> So, similar to the previous process:
>
> 1: semodule -DB
> 2: setenforce permissive
> 3: tail -f /var/log/audit/audit.log | grep AVC
> 4: use the serv...
2020 Jul 25
3
tmpfs / selinux issue
Hi all,
I have some AVC in the logs and wonder how to resolve this: Under
EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs.
# tail -1 /etc/fstab
tmpfs /var/lib/php/session tmpfs
defaults,noatime,mode=770,gid=apache,size=16777216,context="system_u:object_r:httpd_var_run_t:s0"
0 0
# df...
2020 Jul 26
1
tmpfs / selinux issue
Am 26.07.20 um 12:23 schrieb Strahil Nikolov:
>
> ?? 25 ??? 2020 ?. 14:20:19 GMT+03:00, Leon Fauster via CentOS <centos at centos.org> ??????:
>> Hi all,
>>
>> I have some AVC in the logs and wonder how to resolve this: Under
>> EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs.
>>
>>
>> # tail -1 /etc/fstab
>> tmpfs /var/lib/php/session tmpfs
>> defaults,noatime,mode=770,gid=apache,size=16777216,context="syst...
2017 Mar 15
2
Having problem getting Asterisk to work on CentOS 7
On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote:
> https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html
>
> If disabling Selinux solves your problem, then your problem may be related
> to Selinux.
> If it does not change yout problem, you may want to look
2013 Apr 08
1
libvirt, selinux, moving images to ~/images does not work
...ibvirt/images
/home/aik/virtimg:
-rwxrwxrwx. root root system_u:object_r:virt_content_t:s0
Fedora-18-ppc64-DVD.iso
/var/lib/libvirt/images:
-rwxrwxrwx. root root system_u:object_r:virt_image_t:s0 fc18guest
However "virsh -c qemu:///system create libvirtguest-aik.xml" failes with
"avc: denied { dac_override }" and "avc: denied { dac_read_search }".
Also, there is "user system_u is not defined" in /var/log/messages what is
confusing as "semanage user -l" says it is there.
If I simply move Fedora-18-ppc64-DVD.iso to /var/lib/libvirt/images...
2017 Mar 15
2
Having problem getting Asterisk to work on CentOS 7
...ssing the astdb.sqlite3 file?
>
> Permissions for this file are...
> [root at localhost ~]# ls -l /var/lib/asterisk/astdb.sqlite3
> -rw-r--r--. 1 root root 5120 Mar 15 09:39 /var/lib/asterisk/astdb.sqlite3
>
>
> [root at localhost ~]# tail -f /var/log/audit/audit.log
> type=AVC msg=audit(1489588773.253:1171): avc: denied { read } for pid=3838 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
> type=SYSCALL msg=audit(1489588773.25...
2015 Jan 19
2
CentOS-6.6 Fail2Ban and Postfix Selinux AVCs
I am seeing these in the log of one of our off-site NX hosts running
CentOS-6.6.
type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for
pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0
tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket
Was caused by:
Missing type enforcement (TE) allow rule.
Y...
2017 Sep 22
2
selinux prevents lighttpd from printing
...1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300 items=0 ppid=19417 pid=19418 auid=unset uid=lighttpd gid=lighttpd euid=root suid=root fsuid=root egid=lighttpd sgid=lighttpd fsgid=lighttpd tty=(none) ses=unset comm=sendmail exe=/usr/sbin/exim subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)
type=AVC msg=audit(09/22/2017 12:08:29.911:1023) : avc: denied { setgid } for pid=19418 comm=sendmail capability=setgid scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:httpd_sys_script_t:s0 tclass=capability
type=SYSCALL msg=audit(09/15/2017 12:12:14.551:31746) : arch=x86_64...
2009 Aug 14
0
[PATCH] xen/xsm/flask: Fix AVC audit message format
Fix formatting of Flask AVC audit messages so that existing
policy tools can parse them. After applying,
''xm dmesg | audit2allow'' yields the expected result.
Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil>
---
xen/xsm/flask/a...
2012 Oct 22
1
SELinux AVC problem postfix <-> dspam
...I guess this is a bit OT but perhaps someone has encountered this issue
before. On a CentOS 6.3 x86_64 box I have installed postfix and dspam
from EPEL. Dspam is configured to listen on port 10026. After having
configured dspam and postfix I start dspam and then postfix and I see
the following AVC message in audit.log:
type=AVC msg=audit(1350920492.936:400): avc: denied { name_bind } for
pid=19971 comm="master" src=10026
scontext=unconfined_u:system_r:postfix_master_t:s0
tcontext=system_u:object_r:postfix_master_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1350920492.936:4...
2019 Jan 18
1
SElinux AVC signull
Hi Leon,
I don't have access to a CentOS 6.10 system handy, but it looks like a
policy issue. If I take you're ausearch output and pipe it to
audit2allow on my CentOS 7.6 system, I get the following:
#============= httpd_t ==============
#!!!! This avc is allowed in the current policy
allow httpd_t httpd_sys_script_t:process signull;
Noting that on my 7.6 system with selinux enforcing with selinux
policy packages at version 3.13.1-229, it notes that your denial would
not happen. If you don't have it installed policycoreutils-python
provides...
2020 Jul 26
0
tmpfs / selinux issue
Hi Leon,
have you tried mounting with 'httpd_sys_rw_content_t' instead of 'httpd_var_run_t' ?
Best Regards,
Strahil Nikolov
?? 25 ??? 2020 ?. 14:20:19 GMT+03:00, Leon Fauster via CentOS <centos at centos.org> ??????:
>Hi all,
>
>I have some AVC in the logs and wonder how to resolve this: Under
>EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs.
>
>
># tail -1 /etc/fstab
>tmpfs /var/lib/php/session tmpfs
>defaults,noatime,mode=770,gid=apache,size=16777216,context="system_u:object_r:httpd_var_run...
2017 Apr 28
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/28/2017 12:06 AM, Robert Moskowitz wrote:
>
> Here are the messages I got:
>
> type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh }
> for pid=3047 comm="cleanup"
> scontext=system_u:system_r:postfix_master_t:s0
> tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process
> permissive=1
My advice would be to slow down, and solve one pro...
2012 Feb 16
3
Baffled by selinux
...[FAILED]
[root at localhost ~]#
After some research, I found this (dated) link
http://www.redhat.com/archives/rhl-list/2005-July/msg02443.html
and followed the suggestion, setsebool -P use_nfs_home_dirs=1. But I still
can't start httpd. Not sure what to make of the audit log:
type=AVC msg=audit(1329395502.678:61926): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1329395502.678:61926): arch=c000003e syscall=4 succe...
2009 Jan 12
1
Deliver *sometimes* delivers via /tmp?
...: SELinux is preventing the
deliver from using potentially mislabeled files
(2F746D702F646F7665636F742E64656C697665722E2E313233313235363636372E373934302E35336630663930386635613937373132202864656C6574656429).
For complete SELinux messages. run sealert -l
afe6e0ae-8c2e-4882-925b-b15e26da2a15
And the AVCs for those:
node=jukebox.alleroedderne.adsl.dk type=AVC
msg=audit(1231439791.493:10819): avc: denied { search } for pid=9073
comm="deliver" name="tmp" dev=sda3 ino=786433
scontext=system_u:system_r:dovecot_deliver_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=dir
node=juke...
2014 Dec 04
3
Postfix avc (SELinux)
I am seeing these avc messages on a newly commissioned and up-to-date CentOs-6
virtual guest:
----
time->Thu Dec 4 12:14:58 2014
type=SYSCALL msg=audit(1417713298.610:60522): arch=c000003e syscall=2
success=no exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698
pid=4294 auid=0 uid=0 gid=0 euid=0 suid=0 fsui...