Displaying 5 results from an estimated 5 matches for "portmap_port_t".
2017 Jun 06
2
weird SELinux denial
I keep seeing this in my audit.logs:
type=AVC msg=audit(1496336600.230:6): avc: denied { name_connect } for pid=2411 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
Was caused by:
The boolean allow_ypbind was set incorrectly.
Description:
Allow system to run with NIS
Allow access by executing:
# setsebool -P allow_ypbind 1
The weirdness is that when I check allow_ypbind, it?s already on:
# getsebool allow_ypbind
allow_ypbind --...
2017 Jun 06
2
weird SELinux denial
...now discovered that if I unset allow_ypbind, and then reset it to 1, audit2why then says
type=AVC msg=audit(1496768649.872:1338): avc: denied { name_connect } for pid=2413 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
Was caused by:
Unknown - would be allowed by active policy
Possible mismatch between this policy and the one under which the audit message was generated.
Possible mismatch between current in-memory boolean settings vs. permanent ones.
---
Mike VanHorn
Senior Computer...
2017 Jun 06
0
weird SELinux denial
...06/06/2017 09:17 AM, Vanhorn, Mike wrote:
> I keep seeing this in my audit.logs:
>
> type=AVC msg=audit(1496336600.230:6): avc: denied { name_connect } for pid=2411 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
>
> Was caused by:
> The boolean allow_ypbind was set incorrectly.
> Description:
> Allow system to run with NIS
>
> Allow access by executing:
> # setsebool -P allow_ypbind 1
>
>
> The weirdness is that when I check allow_ypbind, it?s alr...
2017 Jun 06
2
weird SELinux denial
It says what it is my original post; that?s the output from audit2allow ?w (which is audit2why):
Was caused by:
The boolean allow_ypbind was set incorrectly.
Description:
Allow system to run with NIS
Allow access by executing:
# setsebool -P allow_ypbind 1
---
Mike VanHorn
Senior Computer Systems Administrator
College of Engineering and Computer Science
Wright State University
265 Russ
2017 Jun 06
0
weird SELinux denial
...covered that if I unset allow_ypbind, and then reset it to 1, audit2why then says
>
> type=AVC msg=audit(1496768649.872:1338): avc: denied { name_connect } for pid=2413 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
>
> Was caused by:
> Unknown - would be allowed by active policy
> Possible mismatch between this policy and the one under which the audit message was generated.
>
> Possible mismatch between current in-memory boolean settings vs. permanent ones.
>
&...